[Openid-specs-ab] Form Post Response Mode example has 'Pragma: no-cache'

Brian Campbell bcampbell at pingidentity.com
Thu Feb 19 22:16:34 UTC 2015


The example response in
http://openid.net/specs/oauth-v2-form-post-response-mode-1_0-03.html#FormPostResponseExample
has a "Pragma: no-cache" response header.

However, both RFC 2616 <http://tools.ietf.org/html/rfc2616#section-14.32>
and the shiny new RFC 7234 <https://tools.ietf.org/html/rfc7234#section-5.4>
make special note along the lines of the following to say that it doesn't
work as a response header:

     'Note: Because the meaning of "Pragma: no-cache" in responses is
      not specified, it does not provide a reliable replacement for
      "Cache-Control: no-cache" in them.'


It doesn't really hurt anything having it in the Form Post Response Mode
document but I'm thinking it'd be better to not further perpetuate the
"Pragma: no-cache" response header myth in this specification* and that
that line should probably be removed from the example.

Or am I wrong on this? And if so, what am I missing?


* And, yeah, it's in Connect Core and OAuth 2.0 as well but I figured
starting with a draft that wasn't yet final was good.
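
Added example, not part of the original message or of any specification: a small Python check that reads a raw response head and reports when "Pragma: no-cache" is the only caching control present, which is the case the RFC note quoted above says is unreliable. The sample responses, function names and finding codes are constructed for illustration.

```python
# Added example. Sample responses are constructed for illustration.
PRAGMA_ONLY = "HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\nPragma: no-cache\r\n\r\n"
BOTH = "HTTP/1.1 200 OK\r\nCache-Control: no-cache, no-store\r\nPragma: no-cache\r\n\r\n"
STORE_ONLY = "HTTP/1.1 200 OK\r\ncache-control: No-Store\r\n\r\n"
QUALIFIED = 'HTTP/1.1 200 OK\r\nCache-Control: no-cache="Set-Cookie"\r\nPragma: no-cache\r\n\r\n'

def parse_headers(raw):
    """Return {lowercased field name: [values]} from a raw response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Cache-Control directives that apply to the whole response."""
    found = set()
    for value in headers.get("cache-control", []):
        for part in value.split(","):
            name, has_arg, _ = part.strip().partition("=")
            name = name.lower()
            # no-cache="field" only covers the listed fields, so skip it.
            if name and not (name == "no-cache" and has_arg):
                found.add(name)
    return found

def audit(raw):
    """Return finding codes for one response head (empty list = nothing to report)."""
    headers = parse_headers(raw)
    effective = cache_directives(headers) & {"no-store", "no-cache"}
    pragma = any("no-cache" in v.lower() for v in headers.get("pragma", []))
    if effective:
        return ["redundant-pragma"] if pragma else []
    return ["pragma-without-cache-control" if pragma else "no-cache-directive"]

if __name__ == "__main__":
    for label, raw in [("pragma only", PRAGMA_ONLY), ("both", BOTH),
                       ("no-store only", STORE_ONLY), ("qualified", QUALIFIED)]:
        print(f"{label:14} {audit(raw)}")
```
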