0

ASP.net Core 2.2 MVC Web Application

I have a number of forms where I do NOT want the browser to cache/show any previous entered data when the user return to the page. I want the elements/form to NOT cache any information. I do not simply want the browser not to show previously entered information, I want it not to be cached for security reasons.

I tried decorating the controller method with:

[ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]

to no avail, when I again navigate to the page/form and start typing, previously entered values keep showing up as autocomplete options.

I've tried playing with every nuance of this as well: Response Caching Middleware in ASP.NET Core

How is this done for all browsers nowadays?

Beau D'Amore
  • 3,174
  • 5
  • 24
  • 56

2 Answers2

2

Sounds like it is caused by the autocompletion feature of browser:

By default, browsers remember information that the user submits through fields on websites. This enables the browser to offer autocompletion (that is, suggest possible completions for fields that the user has started typing in) or autofill (that is, pre-populate certain fields upon load).

To disable this feature for a form:

<form autocomplete="off">
    ... 
</form>

Or disable a field :

<input ... autocomplete="off">

Here's a detailed explanation on off

The "off" keyword indicates either that the control’s input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the user agent to prefill the value for him; or that the document provides its own autocomplete mechanism and does not want the user agent to provide autocompletion values.

For more details, see how to disable autocompletion on MDN and w3c.org

Hope it helps.

itminus
  • 23,772
  • 2
  • 53
  • 88
  • Sorry, but could you please re-read my question? My first sentence asks specifically how to make the browser NOT cache the information, (if possible). I do not want anything cached, not simply to not 'show' anything cached. This was possible before. As my site has users enter their API keys for outside services, I don't want them cached in their browser. Thanks. – Beau D'Amore May 18 '19 at 19:22
  • 1
    @BeauD'Amore This is not a matter of caching, but a feature implemented by Modern browser. According to [`w3c` standard](https://www.w3.org/TR/html52/sec-forms.html#element-attrdef-autocompleteelements-autocomplete), `When an element’s autofill field name is "off", the user agent should not remember the control’s data, and should not offer past values to the user` . Obviously, any browser who respects the standard **won't remember the record**. – itminus May 20 '19 at 01:22
  • Thank you, I get it now. Marking as answer. It would be ideal if this could be set in the midddleware vs hacking up the markup like this but I guess MS isn't into NOT storing your data ;) – Beau D'Amore May 29 '19 at 11:25
0

You can use autocomplete="off" for html elements but chrome prevent this for some names like "name", "address" etc.

This topic was discussed earlier. Chrome ignores autocomplete="off"

Sinan Bozkuş
  • 317
  • 4
  • 9
  • Sorry, but could you please re-read my question? My first sentence asks specifically how to make the browser NOT cache the information, (if possible). I do not want anything cached, not simply to not 'show' anything cached. This was possible before. As my site has users enter their API keys for outside services, I don't want them cached in their browser. Thanks. – Beau D'Amore May 18 '19 at 19:22