Comments (4)
Hi @Jxck,
In response to your questions regarding headers and their directives/values:
Pragma
is still supported because it was used by Microsoft as a response header in old versions of IEExpires
is still supported in order to disable caching for old clients that adhered to the HTTP 1.0 spec, whenCache-Control
was not a thing
Working in the public health sector in the UK I have to ensure backwards compatibility as much as possible, because not everyone is accessing sites using the latest version of Chrome, Edge, or Firefox. We still have people using Internet Explorer 5, and we cannot exclude them from accessing web-based health services because of that. As such, these headers will continue to be included.
from fastify-disablecache.
@Fdawgs Thanks for reply !
Oh it's much interesting if you have specific reason to do this. Yes backward compatible is important and service should allow various user.
Working in the public health sector in the UK
That seems real usecase what I want. Could you share a URL for it ?
my interest here is once keep compatible with such a old browsers, it really works on every aspects ? for example is it possible to build html+css+js contents compatible for IE5? they only implements HTTP/1.0 which doesn't supports Host based virtual host , content-negotiation. Aslo it only supports TLS1.0 or SSL3.0 (maybe), It really could establish a connection in correct cipher suite, and CA certificate ? It doesn't cause a security incident? etc etc etc
In recently deployment, for example using Fastify ! its soooo hard to support http/1.0, tls/1.0, html4, js?? client. I wonder it doesn't work (event could not establish access). So I'm so interested in your work !
On the other hand, sometimes access.log shows phantom entry which shows unbelievable user-agent from phantom old client. its mystery of internet.
If you consider "old browser user exists" based on access logs, I recommend you to check such a client could really works on your site. If it doesn't, it already lost compatible for them, so adding backward caching headers are only waste of bytes.
(I don't know how can I install IE5 to recent machines, VM?)
from fastify-disablecache.
@Jxck, just to let you know I'm investigating using only no-store in this plugin.
You may also want to raise this in OWASP's repos, as they also use more than just the no-store directive:
https://github.com/OWASP/www-project-secure-headers
from fastify-disablecache.
Okay, having done further testing, only using no-store
is not feasible for backwards compatibility.
Internet Explorer uses the no-cache
directive to prevent caching, not no-store
as it should. max-age=0, must-revalidate
functions the same as no-cache
and stops caching for even older clients.
Also see https://blog.httpwatch.com/2008/10/15/two-important-differences-between-firefox-and-ie-caching/
from fastify-disablecache.
Related Issues (6)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastify-disablecache.