allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject allura git commit: [#8153] stronger Cache-Control headers for pages when logged in
Date Mon, 01 May 2017 18:17:37 GMT
Repository: allura
Updated Branches:
  refs/heads/db/8153 [created] 6f15b4753


[#8153] stronger Cache-Control headers for pages when logged in


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/6f15b475
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/6f15b475
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/6f15b475

Branch: refs/heads/db/8153
Commit: 6f15b47536a5d2a5f6fc69c350a019cb63942c31
Parents: ae3ec55
Author: Dave Brondsema <dave@brondsema.net>
Authored: Mon May 1 14:17:32 2017 -0400
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Mon May 1 14:17:32 2017 -0400

----------------------------------------------------------------------
 Allura/allura/controllers/root.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/6f15b475/Allura/allura/controllers/root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/root.py b/Allura/allura/controllers/root.py
index 891cbc2..25bbf89 100644
--- a/Allura/allura/controllers/root.py
+++ b/Allura/allura/controllers/root.py
@@ -24,7 +24,7 @@ from tg import expose, request, config, session
 from tg.decorators import with_trailing_slash
 from tg.flash import TGFlash
 from pylons import tmpl_context as c
-from pylons import app_globals as g
+from pylons import response
 from paste.deploy.converters import asbool
 
 from allura.app import SitemapEntry
@@ -98,6 +98,12 @@ class RootController(WsgiDispatchController):
             if asbool(config.get('force_ssl.logged_in')):
                 session.secure = True
 
+            # Make sure the page really isn't cached (not accessible by back button, etc)
+            # pylons.configuration defaults to "no-cache" only.
+            # See also http://blog.55minutes.com/2011/10/how-to-defeat-the-browser-back-button-cache/
and
+            # https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching?hl=en#defining_optimal_cache-control_policy
+            response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
+
     def _cleanup_request(self):
         pass
 


Mime
View raw message