ZAP Scanning Report: Secure page browser cache

[syrinx75]

Hello,

I've succeeded to install my forum with SMF 1.1.13.

I made a test with ZAP to check all the safety risks remaining. I still have one 'Secure page browser cache'. It's about to add in the HTML header the following code to avoid the caching of the page by the browser:

Code Select Expand

<HTML><HEAD>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</HEAD><BODY>
</BODY>
</HTML>



I didn't find any mod or any information in the SMF forum about that.

Could someone help me? Thanks a lot.

[Arantor]

You will have to manually add the meta tags to your theme's index.template.php, but note that it will need to be done like so.

In the default theme you will see this code in Themes/default/index.template.php

Code Select Expand

echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"', $context['right_to_left'] ? ' dir="rtl"' : '', '><head>

Replace it with:

Code Select Expand

echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"', $context['right_to_left'] ? ' dir="rtl"' : '', '><head>
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />

[syrinx75]

Thanks a lot. It did it, it works!