[Openid-specs-ab] [openid/connect] Cache headers in response examples needed (issue #777)
John Bradley
issues-reply at bitbucket.org
Sat Feb 16 02:26:48 UTC 2013
New issue 777: Cache headers in response examples needed
https://bitbucket.org/openid/connect/issue/777/cache-headers-in-response-examples-needed
John Bradley:
Section 5.1 of RFC6749 "OAuth 2.0 Authorization Framework" states:
"The authorization server MUST include the HTTP "Cache-Control"
response header field [RFC2616] with a value of "no-store" in any
response containing tokens, credentials, or other sensitive
information, as well as the "Pragma" response header field [RFC2616]
with a value of "no-cache"."
I've noticed several of the response examples in the current and previous versions of "draft-ietf-oauth-dyn-reg-xx.txt" fail to include the required "Pragma: no-cache" directive. I assume this is an oversight and am merely pointing out that it needs to be included.
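The requirement quoted in this issue can be checked mechanically against a specification's response examples. The following is an added example, not part of the original message or of any draft; the set of sensitive JSON members and the sample responses are assumptions constructed for illustration.

```python
import json
from email.parser import Parser

# Assumption: JSON members treated as tokens or credentials for this check.
SENSITIVE_KEYS = {"access_token", "refresh_token", "id_token",
                  "client_secret", "registration_access_token"}


def directives(headers, name):
    """Collect the lowercase directive names from every occurrence of a header."""
    found = set()
    for value in headers.get_all(name, []):
        for part in value.split(","):
            if part.strip():
                found.add(part.strip().lower().split("=")[0])
    return found


def check_example(raw):
    """Return the RFC 6749 section 5.1 findings for one raw HTTP response example."""
    head, _, body = raw.replace("\r\n", "\n").strip().partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    try:
        doc = json.loads(body)
    except ValueError:
        return []  # no JSON body to inspect
    if not isinstance(doc, dict) or not SENSITIVE_KEYS & doc.keys():
        return []  # nothing sensitive, so the requirement does not apply
    findings = []
    if "no-store" not in directives(headers, "Cache-Control"):
        findings.append('missing "Cache-Control: no-store"')
    if "no-cache" not in directives(headers, "Pragma"):
        findings.append('missing "Pragma: no-cache"')
    return findings


# Constructed sample responses (values are placeholders, not taken from any draft).
MISSING_PRAGMA = """HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{"client_id": "example-client", "client_secret": "example-secret"}"""

COMPLIANT = """HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{"access_token": "example-token", "token_type": "Bearer"}"""
```

Running check_example over each example extracted from a draft gives an empty list for compliant responses and one finding per missing header otherwise.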