[BUGFIX] Send correct Cache-Control header if no client side caching 93/54793/2
authorŁukasz Uznański <l.uznanski@macopedia.pl>
Mon, 27 Nov 2017 12:20:45 +0000 (13:20 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Mon, 27 Nov 2017 16:19:36 +0000 (17:19 +0100)
Add 'Cache-Control: no-store' if conditions allowing client caching
are not met. This change will prevent caching content by browser.

Resolves: #81160
Releases: master, 8.7, 7.6
Change-Id: Ia91a339178b8cd8387706679bbea40ed0d1b0548
Reviewed-on: https://review.typo3.org/54793
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

index 3b6aeab..c43a947 100644 (file)
@@ -3669,9 +3669,10 @@ class TypoScriptFrontendController
             ];
             $this->isClientCachable = true;
         } else {
-            // Build headers:
+            // Build headers
+            // "no-store" is used to ensure that the client HAS to ask the server every time, and is not allowed to store anything at all
             $headers = [
-                'Cache-Control: private'
+                'Cache-Control: private, no-store'
             ];
             $this->isClientCachable = false;
             // Now, if a backend user is logged in, tell him in the Admin Panel log what the caching status would have been: