This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Currently, the editor's draft allows preventing content from being cached by using the no-store http header. Often, developers cannot or do not know how to modify http headers to block sensitive parts of a website from being cached (when visited) by AppCache. e.g.: A website containing both public and sensitive HTML pages needs to be made available offline. The sensitive data must not be stored on the device. The website is hosted on a virtual host and HTTP headers cannot be modified. The web developer can prevent such pages from being cached by specifying them directly in the manifest.
Why would any pages be cached if they're not listed in the manifest? Also, who on earth is dealing with sensitive data yet can't change caching headers? That's a frightening thought.
(In reply to comment #1) > Why would any pages be cached if they're not listed in the manifest? They'd be cached as master entries simply by being visited.
This bug was cloned to create bug 17816 as part of operation convergence.
Mass move to "HTML WG"
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the Editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the Tracker Issue; or you may create a Tracker Issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Rejected Change Description: none Rationale: This will be addressed by NavCon.