[!!!][TASK] Set no-cache headers only to PSR-7 Response
The related HTTP no-cache headers (e.g. when a user is logged in) are now only set via PSR-15 middlewares (already in place for Backend Users, but now added for Frontend Users / Sessions as well), but not directly emitted via "header()" functions anymore. The next steps for having autonomous tests are: * Do not send cookies directly anymore * Double-check backend login cookies and * Check for ImmediateResponse / HttpUtility::redirect() methods * Evaluate the HTTP headers emitted inside the Installer. Resolves: #92997 Releases: master Change-Id: I7f1e9826b3d61977cb24e4622e0888e301b807e3 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67001 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Showing
- typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php 0 additions, 36 deletions...ore/Classes/Authentication/AbstractUserAuthentication.php
- typo3/sysext/core/Documentation/Changelog/master/Breaking-92997-Authentication-relatedHTTPCacheHeadersAreEmittedOnlyByPSR-15Middlewares.rst 47 additions, 0 deletions...atedHTTPCacheHeadersAreEmittedOnlyByPSR-15Middlewares.rst
- typo3/sysext/core/Tests/Unit/Authentication/AbstractUserAuthenticationTest.php 0 additions, 13 deletions...ts/Unit/Authentication/AbstractUserAuthenticationTest.php
- typo3/sysext/frontend/Classes/Middleware/FrontendUserAuthenticator.php 26 additions, 0 deletions...frontend/Classes/Middleware/FrontendUserAuthenticator.php
Please register or sign in to comment