Admin site should not be caching

[merenbach]

When running the Grav admin, I can see that the Cache-Control header is being set when loading various pages (e.g., the dashboard, configuration, etc.) to the same value as the global Cache-Control value. As a result, sometimes when loading a page containing editable form fields, previous values are displayed. Additionally, I sometimes see the dashboard reload after I log out, and I have to do a hard refresh to properly see the logout screen. (Note: Running on NearlyFreeSpeech with PHP 5.6 or 7.1 [I can choose], both of which support opcache but not APCu.)

Expected behavior

I expect any dynamic resources to not cache at all on the admin backend, as "Enable Admin Caching" is turned OFF in my plugin settings. In terms of implementation, I would expect the cache-control header to contain something like "private,max-age=0" or "no-cache" (open to discussion on what the proper value should be).

I will be happy to explore submitting a patch if we can agree on what the expected behavior should be. :-)

[merenbach]

Now I can see that the HTTP expires header is independent of caching settings, which apply more to rendering and data caches in APCu, memcached, etc. This is my mistake, and I'd like to pivot this into a proposal: any resource of type text/html prefixed by the admin site URL (e.g., /admin) should be set to expire immediately in browser and proxy caches. My reasoning is that when you're logged in, at least on the backend, data should always be current. Far-future expires are better suited for public-facing resources. (I'm also wondering if this is related to the invalid token errors that are plaguing me on NearlyFreeSpeech. So far this remains to be determined.)

[rhukster]

I agree the admin shouldn't have these values set. Unfortunately the admin is merely a plugin, so we can't really have admin-specific logic in the core but i think we can set the values dynamically like we set some other things. I'll look into this.