[Backport 21.2.X] fix(http): prevent caching of responses with Set-Cookie headers #69449

Open
SkyZeroZx wants to merge 1 commit into angular:21.2.x from SkyZeroZx:backport/69385-to-21.2.x

@SkyZeroZx (Contributor)

Backport of #69385

Skip HttpTransferCache serialization for HTTP responses that contain a
Set-Cookie header.

Cookie-setting responses commonly represent session-specific,
user-specific, or security-sensitive state. Serializing their bodies into
SSR TransferState can embed sensitive data into the generated HTML, where
it may be reused during hydration or replayed by a shared cache/CDN.

(cherry picked from commit 80795de)

pullapprove (bot) requested a review from crisbeto, June 19, 2026 15:15
angular-robot (bot) added the "area: common/http" (Issues related to HTTP and HTTP Client) label, Jun 19, 2026
ngbot (bot) added this to the Backlog milestone, Jun 19, 2026
JeanMeche removed the request for review from crisbeto, June 19, 2026 15:17
JeanMeche added the "action: merge" (The PR is ready for merge by the caretaker) and "target: lts" (This PR is targeting a version currently in long-term support) labels, Jun 19, 2026
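
The rule from the PR description above, as an added TypeScript sketch that is not Angular's code and not part of this PR: a simplified model of a server-side transfer cache that leaves out any response carrying a Set-Cookie header. The names `SsrResponse`, `hasSetCookie`, `shouldSerialize` and `renderTransferState`, and the sample responses, are assumptions made for illustration.

```typescript
// Added illustration: a standalone model of an SSR transfer cache.
// Every name below is hypothetical; none of it is Angular's API.

interface SsrResponse {
  url: string;
  headers: Record<string, string | string[]>;
  body: unknown;
}

// HTTP header names are case-insensitive, so compare in lower case.
function hasSetCookie(headers: Record<string, string | string[]>): boolean {
  return Object.keys(headers).some((name) => name.toLowerCase() === 'set-cookie');
}

// A response that sets a cookie is treated as user- or session-specific,
// so its body must not be copied into state shipped inside the HTML.
function shouldSerialize(res: SsrResponse): boolean {
  return !hasSetCookie(res.headers);
}

// Build the JSON that would be embedded in the rendered page for hydration.
function renderTransferState(responses: SsrResponse[]): string {
  const state: Record<string, unknown> = {};
  for (const res of responses) {
    if (shouldSerialize(res)) {
      state[res.url] = res.body;
    }
  }
  return JSON.stringify(state);
}

// Constructed sample: two responses observed during one server render.
const sampleResponses: SsrResponse[] = [
  { url: '/api/products', headers: { 'Content-Type': 'application/json' }, body: [{ id: 1 }] },
  {
    url: '/api/session',
    headers: { 'SET-COOKIE': ['sid=EXAMPLE; HttpOnly; Secure'] },
    body: { user: 'alice', csrfToken: 'EXAMPLE' },
  },
];

// Only the public product list ends up in the embedded state.
console.log(renderTransferState(sampleResponses));
```

If the page HTML is later stored by a shared cache or CDN, the embedded state is what every visitor receives, which is why the session response has to stay out of it.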