[Openid-specs-ab] Issue #1483: Directive "Pragma" no-cache (openid/connect)
Andrii Deinega
issues-reply at bitbucket.org
Fri Apr 22 23:45:49 UTC 2022
New issue 1483: Directive "Pragma" no-cache
https://bitbucket.org/openid/connect/issues/1483/directive-pragma-no-cache
Andrii Deinega:
Both specifications [https://openid.net/specs/openid-connect-frontchannel-1\_0-05.html](https://openid.net/specs/openid-connect-frontchannel-1_0-05.html) and [https://openid.net/specs/openid-connect-backchannel-1\_0-07.html](https://openid.net/specs/openid-connect-backchannel-1_0-07.html) may omit the “Pragma“ directives.
This is [a backward compatibility directive](https://datatracker.ietf.org/doc/html/rfc7234#section-5.4) for old HTTP 1.0, and this directive is for an HTTP request, not a response. There was a discussion on that in OAuth2 WG [here](https://mailarchive.ietf.org/arch/msg/oauth/9DdkE2P0RrUZMeZAbdf3NrMfy0w/) quite long ago.
In addition to that, the Cache-Control may include only “no-store“, as it already includes “no-cache” per [https://datatracker.ietf.org/doc/html/rfc7234#section-5.2.1.5](https://datatracker.ietf.org/doc/html/rfc7234#section-5.2.1.5).
More information about the Openid-specs-ab
mailing list