From 87d88ab38747091da8effbd12b239cd9a5b28f85 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Wed, 29 Jan 2025 18:12:25 +0000
Subject: [PATCH] Posts, Post Types: Add no-cache headers to password protected
 posts.

This instructs an intermediate cache, for example a proxy server, to not cache a password protected post both before and after a visitor has entered a password.

Props brevilo, haozi, ironprogrammer, narenin

Fixes #61711
Built from https://develop.svn.wordpress.org/trunk@59728


git-svn-id: http://core.svn.wordpress.org/trunk@59070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp.php | 5 +++++
 wp-includes/version.php  | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/wp-includes/class-wp.php b/wp-includes/class-wp.php
index ce88c102cf..f2b114e708 100644
--- a/wp-includes/class-wp.php
+++ b/wp-includes/class-wp.php
@@ -545,6 +545,11 @@ class WP {
 			if ( $post && pings_open( $post ) ) {
 				$headers['X-Pingback'] = get_bloginfo( 'pingback_url', 'display' );
 			}
+
+			// Send nocache headers for password protected posts to avoid unwanted caching.
+			if ( ! empty( $post->post_password ) ) {
+				$headers = array_merge( $headers, wp_get_nocache_headers() );
+			}
 		}
 
 		/**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index cec0d1c708..a892673925 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.8-alpha-59727';
+$wp_version = '6.8-alpha-59728';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.