[Openid-specs-ab] Form Post Response Mode example has 'Pragma: no-cache'
Brian Campbell
bcampbell at pingidentity.com
Thu Feb 19 22:16:34 UTC 2015
The example response in
http://openid.net/specs/oauth-v2-form-post-response-mode-1_0-03.html#FormPostResponseExample
has a "Pragma: no-cache" response header.
However, both RFC 2616 <http://tools.ietf.org/html/rfc2616#section-14.32>
and the shiny new RFC 7234 <https://tools.ietf.org/html/rfc7234#section-5.4>
make special note along the lines of the following to say that it doesn't
work as a response header:
'Note: Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'
It doesn't really hurt anything having it in the Form Post Response Mode
document but I'm thinking it'd be better to not further perpetuate the
"Pragma: no-cache" response header myth in this specification* and that
that line should probably be removed from the example.
Or am I wrong on this? And if so, what am I missing?
* And, yeah, it's in Connect Core and OAuth 2.0 as well but I figured
starting with a draft that wasn't yet final was good.
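
Added example, not part of the original message or of any specification: a small Python audit that flags a response relying on "Pragma: no-cache" without a Cache-Control directive. The sample responses are constructed, and the finding names and the choice to accept either no-cache or no-store are assumptions of this sketch.

```python
# Constructed sample responses (status line, headers, blank line, body).
PRAGMA_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n"
               "Pragma: no-cache\r\n\r\n<html>...</html>")
BOTH = ("HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n"
        "Cache-Control: no-cache, no-store\r\nPragma: no-cache\r\n\r\n<html>...</html>")
CC_ONLY = ("HTTP/1.1 200 OK\r\nCache-Control: private\r\n"
           "cache-control: No-Store\r\n\r\n<html>...</html>")

def parse_headers(raw):
    """Return {lowercased-name: [values]}; repeated header lines are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Collect Cache-Control directive names across all Cache-Control lines.
    Simplification: does not handle commas inside quoted directive arguments."""
    found = set()
    for value in headers.get("cache-control", []):
        for part in value.split(","):
            token = part.split("=", 1)[0].strip().lower()
            if token:
                found.add(token)
    return found

def audit(raw):
    """Return findings (names are this example's own, hypothetical labels)."""
    headers = parse_headers(raw)
    directives = cache_directives(headers)
    pragma = any("no-cache" in v.lower() for v in headers.get("pragma", []))
    findings = []
    if not directives & {"no-cache", "no-store"}:
        findings.append("no-cache-control")      # nothing with defined meaning
        if pragma:
            findings.append("pragma-only")       # relies on the unspecified header
    elif pragma:
        findings.append("pragma-redundant")      # harmless, but adds nothing
    return findings

if __name__ == "__main__":
    for label, raw in (("pragma only", PRAGMA_ONLY), ("both", BOTH), ("cc only", CC_ONLY)):
        print(label, audit(raw))
```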