
Add Pragma: no-cache to token response

Open ransombriggs opened this issue 8 months ago • 0 comments

Summary

According to the spec we should be returning a Pragma header in the token response.

> The authorization server MUST include the HTTP "Cache-Control" response header field [RFC2616] with a value of "no-store" in any response containing tokens, credentials, or other sensitive information, as well as the "Pragma" response header field [RFC2616] with a value of "no-cache".

When I was doing a review of our implementation, I found that the Pragma header is missing, so I am adding it to be compliant.

ransombriggs, Jun 28 '24 15:06
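As an added example (not Doorkeeper's code and not part of the issue above), the following Ruby shows the two cache headers the quoted RFC text requires on a token response, a helper that applies them over whatever headers an application already set, and a checker that reports which requirement a given response violates. The header hashes and the `before`/`after` sample responses are constructed for illustration; the function names are assumptions, not Doorkeeper's API.

```ruby
# Added example, not Doorkeeper's own code.
# RFC 6749 section 5.1: any response carrying tokens must set
# Cache-Control: no-store and Pragma: no-cache.
REQUIRED_CACHE_HEADERS = {
  'Cache-Control' => 'no-store',
  'Pragma'        => 'no-cache'
}.freeze

# Returns a copy of +headers+ with the two required cache headers applied.
# HTTP header names are case-insensitive, so any existing key that differs
# only in case is dropped before the canonical names are merged in.
def with_token_cache_headers(headers)
  cleaned = headers.reject do |name, _|
    REQUIRED_CACHE_HEADERS.keys.any? { |required| required.casecmp?(name) }
  end
  cleaned.merge(REQUIRED_CACHE_HEADERS)
end

# Inspects a response header hash and returns an array of human-readable
# violations. An empty array means the response satisfies the requirement.
# Cache-Control may carry several directives, so the check looks for the
# required directive rather than demanding an exact match.
def cache_header_violations(headers)
  normalized = headers.each_with_object({}) { |(k, v), h| h[k.downcase] = v.to_s }
  REQUIRED_CACHE_HEADERS.each_with_object([]) do |(name, required), violations|
    actual = normalized[name.downcase]
    if actual.nil?
      violations << "missing #{name}"
    else
      directives = actual.split(',').map { |d| d.strip.downcase }
      unless directives.include?(required)
        violations << "#{name} is #{actual.inspect}, expected to include #{required.inspect}"
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a token response that set Cache-Control but
  # omitted Pragma, the situation described in the issue.
  before = { 'Content-Type' => 'application/json', 'Cache-Control' => 'no-store' }
  puts "before: #{cache_header_violations(before).inspect}"
  after = with_token_cache_headers(before)
  puts "after:  #{cache_header_violations(after).inspect}"
end
```

The checker is the useful half for a reviewer: run it against the header hash of a real token response in an integration test and any non-empty result is a compliance finding, including the "right header, wrong value" case such as `Cache-Control: private, max-age=60`.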