Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #21938, comment 47


Timestamp:
08/24/2023 07:29:51 PM (3 years ago)
Author:
westonruter
  • Ticket #21938, comment 47

    v1 v2  
    1 Coincidentally, I've been looking into removing use of the `unload` event (#55491) because Chrome intends to [https://developer.chrome.com/blog/deprecating-unload/ deprecate it], and more importantly because [https://web.dev/bfcache/#never-use-the-unload-event it prevents bfcache]. But something else that blocks bfcache is `Cache-Control: no-store`, which this ticket is all about. Adding `no-store` wouldn't have caused any performance regression in the admin in 6.3 because `wp-heartbeat` uses the `unload` event. However, with this removed, the introduction of `no-store` holds back the performance of page navigations in the admin ''and'' the frontend by disabling bfcache. POC plugin: https://gist.github.com/westonruter/8c19d87a80a36e8f24db910750162628
     1Coincidentally, I've been looking into removing use of the `unload` event (#55491) because Chrome intends to [https://developer.chrome.com/blog/deprecating-unload/ deprecate it], and more importantly because [https://web.dev/bfcache/#never-use-the-unload-event it prevents bfcache]. But something else that blocks bfcache is `Cache-Control: no-store`, which this ticket is all about. Adding `no-store` wouldn't have caused any performance regression in the admin in 6.3 because `wp-heartbeat` uses the `unload` event. However, with this removed, the introduction of `no-store` holds back the performance of page navigations in the admin ''and'' the frontend by disabling bfcache.
    22
    3 The question I have is whether the increase to security/privacy by disabling bfcache for logged-in users is worth the performance hit for the 80% of users. If not, perhaps adding `no-store` should be a privacy/security enhancement that site owners install via a plugin when a site is accessed by users who use shared computers? Alternatively, perhaps `no-store` should only be used by default when a user does not check the "remember me" checkbox when logging-in?
     3The question I have is whether the increase to security/privacy by disabling bfcache for logged-in users is worth the performance hit for the 80% of users. If not, perhaps adding `no-store` should be a privacy/security enhancement that site owners install via a plugin when a site is accessed by users who use shared computers? Alternatively, perhaps `no-store` should only be used by default when a user does not check the "remember me" checkbox when logging-in? POC plugin: https://gist.github.com/westonruter/8c19d87a80a36e8f24db910750162628