- changed status to resolved
Cache headers in response examples needed
Issue #777
resolved
Section 5.1 of RFC6749 "OAuth 2.0 Authorization Framework" states:
"The authorization server MUST include the HTTP "Cache-Control"
response header field [RFC2616] with a value of "no-store" in any
response containing tokens, credentials, or other sensitive
information, as well as the "Pragma" response header field [RFC2616]
with a value of "no-cache"."
I've noticed several of the response examples in the current and previous versions of "draft-ietf-oauth-dyn-reg-xx.txt" fail to include the required "Pragma: "no-cache" directive. I assume this is an oversight and am merely pointing out that it needs to be included.
Comments (4)
-
reporter
-
reporter
- changed status to open
Fixed I added the Pragma: no-cache to the examples that were missing it.
Please check
-
reporter
-
assigned issue to
Michael Jones
-
assigned issue to
-
- changed status to resolved
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Registration
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 0
Fixed
#777added Pragma: no-cache to the example responses that were missing it.→ <<cset 5d71e14bfdee>>