[Openid-specs-ab] Form Post Response Mode example has 'Pragma: no-cache'
bcampbell at pingidentity.com
Thu Feb 19 22:16:34 UTC 2015
The example response in
has a "Pragma: no-cache" response header.
However, both RFC 2616 <http://tools.ietf.org/html/rfc2616#section-14.32>
and the shiny new RFC 7234 <https://tools.ietf.org/html/rfc7234#section-5.4>
make special note along the lines of the following to say that it doesn't
work as a response header:
'Note: Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'
It doesn't really hurt anything having it in the Form Post Response Mode
document but I'm thinking it'd be better to not further perpetuate the
"Pragma: no-cache" response header myth in this specification* and that
that line should probably be removed from the example.
Or am I wrong on this? And if so, what am I missing?
* And, yeah, it's in Connect Core and OAuth 2.0 as well but I figured
starting with a draft that wasn't yet final was good.
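
A header check for the point raised in the message above, as an added example that is not part of the original post or of any OpenID specification. It flags a response that relies on "Pragma: no-cache" without an effective Cache-Control directive; the sample responses are constructed, and treating unqualified no-store or no-cache as "effective" is an assumption of this example.

```python
import re

# token, optionally followed by =token or ="quoted string" (commas in quotes stay intact)
DIRECTIVE = re.compile(r'([A-Za-z0-9!#$%&\'*+.^_`|~-]+)\s*(?:=\s*("[^"]*"|[^,\s]*))?')

def parse_headers(raw):
    """Map lowercased header name -> list of values from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Map Cache-Control directive name -> argument (None when unqualified)."""
    found = {}
    for value in headers.get("cache-control", []):
        for name, arg in DIRECTIVE.findall(value):
            found[name.lower()] = arg or None
    return found

def audit(raw):
    """Return findings about response caching headers (empty list = fine)."""
    headers = parse_headers(raw)
    directives = cache_directives(headers)
    has_pragma = any("no-cache" in v.lower() for v in headers.get("pragma", []))
    # Assumption: unqualified no-store or no-cache counts as effective here.
    # no-cache="Field" only restricts reuse of that field, so it does not count.
    effective = "no-store" in directives or (
        "no-cache" in directives and directives["no-cache"] is None)
    findings = []
    if not effective:
        findings.append("no effective Cache-Control directive")
    if has_pragma:
        findings.append("Pragma: no-cache has no specified meaning in a response")
    return findings

# Constructed sample responses (not taken from any specification).
PRAGMA_ONLY = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<html>"
BOTH = "HTTP/1.1 200 OK\r\nCache-Control: no-store\r\nPragma: no-cache\r\n\r\n"
QUALIFIED = 'HTTP/1.1 200 OK\r\nCache-Control: no-cache="Set-Cookie"\r\n\r\n'
CLEAN = "HTTP/1.1 200 OK\r\nCache-Control: no-cache, no-store\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("pragma only", PRAGMA_ONLY), ("both", BOTH),
                       ("qualified", QUALIFIED), ("clean", CLEAN)]:
        print(label, "->", audit(raw) or "ok")
```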