-
assigned issue to
Michael Jones
William Denniss' suggestion about Cache-Control: no-cache, no-store
Issue #2025
resolved
William Dennis suggested this to me in e-mail:
Update examples using Pragma: no-cache to also include Cache-Control: no-cache, no-store and add language "Because the Authorization Response is intended to be used only once, the Authorization Server MUST instruct the User Agent (and any intermediaries) not to store or reuse the content of the response." as was done in the Form Post Response Mode draft.
Comments (5)
-
reporter
-
https://mailarchive.ietf.org/arch/msg/oauth/9DdkE2P0RrUZMeZAbdf3NrMfy0w/ is a link to a discussion on the "pragma" response header in OAuth 2 WG.
-
reporter
- changed status to open
Discussed on the 14-Aug-23 working group call.
-
reporter
Will be fixed by https://bitbucket.org/openid/connect/pull-requests/617
-
reporter
- changed status to resolved
- Log in to comment
