Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pages with session messages should never be cached #3108

Closed
mahagr opened this issue Dec 22, 2020 · 3 comments
Closed

Pages with session messages should never be cached #3108

mahagr opened this issue Dec 22, 2020 · 3 comments
Assignees
@mahagr
Labels
bug fixed

Comments

@mahagr
Copy link
Member

mahagr commented Dec 22, 2020
edited
Loading

Session messages should prevent caching in both Grav and in the browser.
@mahagr mahagr added the bug label Dec 22, 2020
@mahagr mahagr self-assigned this Dec 22, 2020
@mahagr mahagr mentioned this issue Dec 22, 2020
Closed
4 tasks
mahagr added a commit that referenced this issue Dec 22, 2020
@mahagr
Fixed pages with session messages should never be cached [#3108]
d1925c8
@mahagr mahagr added the fixed label Dec 22, 2020
@mahagr
Copy link
Member Author

mahagr commented Dec 22, 2020

Fixed in Grav 1.7 branch.

@mahagr mahagr closed this as completed Dec 22, 2020
@NicoHood
Copy link
Contributor

I am not yet understanding how this works, could you maybe go more into details?

For example:
I've written a rating plugin with email verification. Once you click the link you end on the page that was rated + a thank you message. However if the page was cached in first place, this message will never be shown, as the browser will still load it from the cache. I am not sure about subsequent requests. Is this covered? This sounds tricky to me (except changing cache settings globally)

@mahagr
Copy link
Member Author

mahagr commented Dec 23, 2020
edited
Loading

It does not fix cached pages, it just fixes messages like "You login has failed", "Entry saved" etc from being cached into browser or proxy. So information leaks from one user to another.

Like I said, forms are a separate issue altogether.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mahagr mahagr

Labels
bug fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mahagr @NicoHood