Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Cache is stored even after sending no-cache, no-store, must-revalidate headers

  • 6 trả lời
  • 1 gặp vấn đề này
  • 1 lượt xem
  • Trả lời mới nhất được viết bởi achoudhary

more options

Hello Support,

We require to prevent the firefox from storing our website's sensitive pages. We are in need of a SSL certificate and SSL company are seeing it as a security threat when the sensitive pages are being stored in cache and even after we turn off the internet the pages still show up.

We have tried disabling the cache using server side code but nothing works. We tried HTML meta tags as below:

<meta http-equiv="cache-control" content="max-age=0" /> <meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> <meta http-equiv="pragma" content="no-cache" />

Then tried with PHP, still didn't worked:

header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1. header("Pragma: no-cache"); // HTTP 1.0. header("Expires: 0"); // Proxies.


Though it shows the correct response headers but does not work. I have posted a similar Questions on stackoverflow.com but it seems that no one has any answer to this.

Stackoverflow Link: https://stackoverflow.com/questions/35842135/firefox-stores-cache-even-if-meta-tag-is-set-to-no-cache-no-store-must-revalid

Same settings work on chrome and other major browsers but does not work in firefox. On work offline mode, pages should not show up if I'm right.

Can you enlighten me on this as in what's really happening with Firefox? I am using Firefox version 44.0.2 on Windows 7 64-bit Platform.

Thanks

Hello Support, We require to prevent the firefox from storing our website's sensitive pages. We are in need of a SSL certificate and SSL company are seeing it as a security threat when the sensitive pages are being stored in cache and even after we turn off the internet the pages still show up. We have tried disabling the cache using server side code but nothing works. We tried HTML meta tags as below: <!-- Cache control --> <meta http-equiv="cache-control" content="max-age=0" /> <meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> <meta http-equiv="pragma" content="no-cache" /> Then tried with PHP, still didn't worked: header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1. header("Pragma: no-cache"); // HTTP 1.0. header("Expires: 0"); // Proxies. Though it shows the correct response headers but does not work. I have posted a similar Questions on stackoverflow.com but it seems that no one has any answer to this. Stackoverflow Link: https://stackoverflow.com/questions/35842135/firefox-stores-cache-even-if-meta-tag-is-set-to-no-cache-no-store-must-revalid Same settings work on chrome and other major browsers but does not work in firefox. On work offline mode, pages should not show up if I'm right. Can you enlighten me on this as in what's really happening with Firefox? I am using Firefox version 44.0.2 on Windows 7 64-bit Platform. Thanks

Được chỉnh sửa bởi achoudhary vào

Tất cả các câu trả lời (6)

more options

I'm a little surprised, but if you need a workaround, you can use POST instead of GET to retrieve sensitive pages. Example:

https://jeffersonscher.com/res/nostore1.php

more options

Thanks for the reply Jscher.

I wonder if its possible through GET only as we the sensitive info we are displaying is dynamically generated to an HTML page. Now this HTML page is accessed through the web and we cannot check if its post request in HTML pages. Is there any way we can get it done on HTML pages through GET request?

Thanks

more options

Hopefully someone else can answer about GET requests.

About this:

achoudhary said

... the sensitive info we are displaying is dynamically generated to an HTML page. Now this HTML page is accessed through the web and we cannot check if its post request in HTML pages.

But you're not wedded to a static HTML page, right? You can use PHP, ASP.Net, or another scripting language to detect the request type of the main page and embed an anti-CSRF token that allows you to validate the source of the background request. https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

more options

Yes We can do that. But the question remains the same. Is there a way to accomplish that on HTML pages?

Even if I turn-off the internet or unplug the internet cable still the webpages show up.

Weird it seems to me and SSL company. CTRL + f5 doesn't respond.

This might be a security threat as I can see. If there's some background trojan running offline and gathering the info and sends the bundled info gathered(during offline) when we're online.

Any ways, thanks for the support. So the solution that came out is that we cannot prevent firefox from storing cache through get request if the page is a simple HTML page and it will continue to show up even if the internet is not connected.

more options

This is not a developer support site, so don't take the lack of response to your question as "the answer."

Where to go for developer support