[Openid-specs-ab] Form Post Response Mode example has 'Pragma: no-cache'

John Bradley ve7jtb at ve7jtb.com
Fri Feb 20 03:19:03 UTC 2015


Yes and yes.

> On Feb 19, 2015, at 5:08 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> 
> First question to the working group:  Do we agree that "Pragma: no-cache" should be changed to "Cache-Control: no-cache" in the Form Post Response Mode spec before approval?
>  
> Second question to the working group:  If we agree to make this change (to text that only occurs in a non-normative example), are people comfortable doing this without restarting the 60 day review period (but still notifying people of the change)?
>  
> My personal answers would be “yes” and “yes” but we shouldn’t do this at this point unless there’s working group consensus to do so.
>  
> Brian, could you also send a note to the OAuth working group pointing out this problem with RFC 6749 and RFC 6750 and asking whether errata should be filed?  This would help get more expert eyes on the issue.
>  
> Thanks for bringing this to our attention, Brian!
>  
> -- Mike
>  
> From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Brian Campbell
> Sent: Thursday, February 19, 2015 2:17 PM
> To: <openid-specs-ab at lists.openid.net>
> Subject: [Openid-specs-ab] Form Post Response Mode example has 'Pragma: no-cache'
>  
> The example response in http://openid.net/specs/oauth-v2-form-post-response-mode-1_0-03.html#FormPostResponseExample has a "Pragma: no-cache" response header.
> 
> However both RFC 2616 <http://tools.ietf.org/html/rfc2616#section-14.32> and the shiny new RFC 7234 <https://tools.ietf.org/html/rfc7234#section-5.4> make special note along the lines of the following to say that it doesn't work as a response header:
> 
> 
>      'Note: Because the meaning of "Pragma: no-cache" in responses is
>       not specified, it does not provide a reliable replacement for
>       "Cache-Control: no-cache" in them.'
> 
> It doesn't really hurt anything having it in the Form Post Response Mode document but I'm thinking it'd be better to not further perpetuate the "Pragma: no-cache" response header myth in this specification* and that that line should probably be removed from the example.
> 
> Or am I wrong on this? And if so, what am I missing?
>  
> 
> * And, yeah, it's in Connect Core and OAuth 2.0 as well but I figured starting with a draft that wasn't yet final was good.
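
The distinction raised in this thread, as an added example that is not part of the original messages: a Python check that classifies a response head by whether it carries an effective Cache-Control directive or relies only on "Pragma: no-cache". The sample responses, function names and finding labels are constructed for illustration; accepting no-store as sufficient protection is an assumption of the example.

```python
import re

# Constructed response heads for illustration (not taken from any spec).
PRAGMA_ONLY = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n"
BOTH = ("HTTP/1.1 200 OK\r\ncache-control: max-age=0\r\n"
        "Cache-Control: NO-CACHE\r\nPragma: no-cache\r\n\r\n")
QUALIFIED = ('HTTP/1.1 200 OK\r\nCache-Control: private, '
             'no-cache="Set-Cookie, no-store"\r\n\r\n')

def parse_headers(raw):
    """Map lowercased field name -> list of values; repeated fields are kept."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def directives(values):
    """Return {directive: has_argument} from comma-separated field values."""
    found = {}
    for value in values:
        # Blank out quoted arguments so commas/tokens inside them are not split.
        value = re.sub(r'"[^"]*"', '""', value)
        for item in value.split(","):
            name, sep, _ = item.partition("=")
            key = name.strip().lower()
            if key:
                # An unqualified occurrence anywhere wins over a qualified one.
                found[key] = bool(sep) and found.get(key, True)
    return found

def audit_cache_headers(raw):
    """Classify the response's cache protection; returns one finding string."""
    headers = parse_headers(raw)
    cc = directives(headers.get("cache-control", []))
    pragma = directives(headers.get("pragma", []))
    # Only an unqualified no-cache (no field-name argument) covers the whole
    # response; no-store is accepted too (assumption of this example).
    protected = cc.get("no-cache") is False or "no-store" in cc
    if protected:
        return "ok-pragma-redundant" if "no-cache" in pragma else "ok"
    return "pragma-only" if "no-cache" in pragma else "unprotected"

if __name__ == "__main__":
    for label, raw in [("pragma only", PRAGMA_ONLY), ("both", BOTH),
                       ("qualified", QUALIFIED)]:
        print(label, "->", audit_cache_headers(raw))
```
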
