Closed Bug 202896 Opened 21 years ago Closed 8 years ago

Cache-Control in Meta-Tag is ignored in xslt

Categories

(Core :: XSLT, defect)

defect
Not set
normal

RESOLVED WONTFIX
Future

People

(Reporter: darin.moz, Unassigned)

Details

(Keywords: privacy, sec-want, Whiteboard: [sg:want])

>Issue details:
>On a secure connection, returned content includes 
>the following meta tags:
><meta HTTP-EQUIV="Expires" CONTENT="-1">
><meta HTTP-EQUIV="Cache-Control" CONTENT="no-cache, no-store">
>
>However, the page in question is stored in the 
>browser's cache, and it is possible for an 
>unauthorized user to navigate to it via the 
>browser's back button.

I'm not sure this needs to be security sensitive, but I'm filing it that way
just in case.
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.4beta
Summary: Cache-Control Meta-Tag Bug → Cache-Control in Meta-Tag is ignored
http://www.pacificnet.net/~johnr/meta.html has an interesting note on this about
IE behavior...
I cannot reproduce the "on a secure connection" part, we don't cache SSL pages. But we do ignore no-cache, no-store in meta tags. We do obey expires so we will reload pages that change often, but there is a potential privacy problem with storing the files locally.

Since this is a privacy issue rather than an exploit there's no need for the confidential flag. People can better protect themselves if this issue is known.
Group: security
Keywords: privacy
Whiteboard: [sg:want]
*** Bug 272857 has been marked as a duplicate of this bug. ***
-> reassign to default owner
Assignee: darin.moz → nobody
Status: ASSIGNED → NEW
I tested this bug on Firefox 2.0.0.11 and it seems it has been partially fixed. Firefox obeys meta tags, including CC: no-cache, no-store, must-revalidate and the like, and their value overrides whichever value was set by a header.

**However** this is only valid for documents served as text/html. Firefox still seems to ignore meta tags in documents generated by its XSLT engine Transformiix.

Tested on
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012904 Minefield/3.0b3pre
Blocks: 327790
Old but good. Resetting some target flags, looking for a mentor. Bobby Holley, if you're willing to mentor this bug, I choo choo choose you.
Severity: critical → normal
Flags: needinfo?(bobbyholley)
Priority: P1 → --
Target Milestone: mozilla1.4beta → Future
(In reply to Mike Hoye [:mhoye] from comment #7)
> Old but good. Resetting some target flags, looking for a mentor. Bobby
> Holley, if you're willing to mentor this bug, I choo choo choose you.

I am not the right person to mentor this bug. I think you want someone who does more networking.
Flags: needinfo?(bobbyholley)
Component: Networking: HTTP → XSLT
Summary: Cache-Control in Meta-Tag is ignored → Cache-Control in Meta-Tag is ignored in xslt
We don't support cache-control meta tags at all anymore, and haven't in 5 years or so.  It's not in the spec, it's not really supported in other browsers, and we don't have plans to readd any sort of support.  See also bug 579846 and bug 629621.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
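
An added example, not part of the bug thread or of Mozilla's code: given the resolution above, a site audit can flag responses that state their cache policy only in meta tags and lack a `Cache-Control: no-store` response header. The helper name, the input shape and the sample response (built from the tags quoted in the report) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# http-equiv names that pages use to try to set cache policy from markup.
CACHE_META = {"cache-control", "expires", "pragma"}

# Constructed sample: the meta tags quoted in the report, no cache header.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><head>
<meta HTTP-EQUIV="Expires" CONTENT="-1">
<meta HTTP-EQUIV="Cache-Control" CONTENT="no-cache, no-store">
</head><body>account details</body></html>"""


class MetaCollector(HTMLParser):
    """Collect cache-related <meta http-equiv> tags from a document."""

    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        equiv = attr.get("http-equiv", "").strip().lower()
        if equiv in CACHE_META:
            self.found[equiv] = attr.get("content", "").strip()


def audit_cache_policy(headers, body):
    """Return findings for a response (hypothetical helper, not a real API)."""
    collector = MetaCollector()
    collector.feed(body)
    header = {k.lower(): v for k, v in headers.items()}.get("cache-control", "")
    directives = {d.strip().lower() for d in header.split(",") if d.strip()}
    findings = [f"meta http-equiv {name}={value!r}: cache policy set in markup"
                for name, value in collector.found.items()]
    # Only the response header is a dependable place for no-store.
    if collector.found and "no-store" not in directives:
        findings.append("missing 'Cache-Control: no-store' response header")
    return findings


if __name__ == "__main__":
    for finding in audit_cache_policy(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```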