[slightlyoff/ServiceWorker] Should Cache-Control: private be respected? (#926)

Currently it looks like `Cache-Control: private` is being ignored by the Cache API, while in HTTP it

> Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache, such as a proxy server.

This behavior is probably more flexible, but on the other hand, it enables the ability to accidentally (and very easily) cache resources which were meant to be private (user-specific) and not intended to be shared between various requests (or even stored on the disk in the first place).

Would it make sense to reject attempts to put such responses into the cache from a security perspective?

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/926

Received on Tuesday, 12 July 2016 09:28:39 UTC
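
Added example, not part of the original issue or of the ServiceWorker project: one way a service worker author could apply the check the issue asks about in their own code, refusing `cache.put()` for responses marked `private`. The names `splitOutsideQuotes`, `parseCacheControl`, `mayStore` and `guardedPut` are hypothetical, and treating `no-store` and qualified `private="..."` the same as bare `private` is an assumption of this example.

```javascript
// Added example, hypothetical names. Split on commas outside quoted-strings.
function splitOutsideQuotes(value) {
  const parts = [];
  let current = "";
  let inQuotes = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (ch === "\\" && inQuotes) {
      current += ch + (value[++i] || ""); // keep the escaped character as-is
      continue;
    }
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === "," && !inQuotes) {
      parts.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  parts.push(current);
  return parts;
}

// Map of lowercase directive name -> argument string, or true if it has none.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of splitOutsideQuotes(value || "")) {
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (!name) continue;
    let arg = eq === -1 ? true : part.slice(eq + 1).trim();
    if (arg !== true && /^".*"$/.test(arg)) arg = arg.slice(1, -1);
    directives.set(name, arg);
  }
  return directives;
}

// Assumed policy: private (bare or qualified) and no-store are never stored.
function mayStore(response) {
  const cc = parseCacheControl(response.headers.get("Cache-Control"));
  return !(cc.has("private") || cc.has("no-store"));
}

// Use in place of cache.put(); resolves to false when the response was refused.
async function guardedPut(cache, request, response) {
  if (!mayStore(response)) return false;
  await cache.put(request, response.clone());
  return true;
}
```

Inside a `fetch` handler this would be called as `guardedPut(cache, event.request, networkResponse)`, so the decision is made on the response headers rather than on the URL.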