Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In preparation for an eventual upgrade to Rails 6.1, in which additional logic was added to the existing Cache-Control header normalization logic which special-cases the
no-store
header: rails/rails#39461We previously wanted to ensure that
must-revalidate
was present to prevent issues with older Safari mobile browsers (see #43776 for context), but our belief at this point is that those old versions are no longer relevant.Links
This logic was originally added in #3724
Testing story
Open to suggestions on the best way to test this. In particular, I'm not sure how to test broad browser compatibility. We know that this might cause issues with older mobile safari browsers, but aren't sure how old you have to go for this to become and issue and we have very limited ability to access older versions.
Caching
In general, the danger here is that even though
no-store
is the recommended way to avoid caching content, older browsers might have implemented that incorrectly and require workarounds likemax-age
ormust-revalidate
to achieve the functionality that's supposed to be offered byno-store
. I'm not sure how to identify those possible violations, however, or even what we would do if we did, given that the new Rails logic is quite strict about not mixing other directives withno-store
.PR Checklist: