cache: Enforce no-caching on the client side
Adding http headers to enforce requests are not cached by the browser.
jfrabaute authored and kellyma2 committed Jul 11, 2023
1 parent c6da5cb commit 05ed40e
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions server.go
Expand Up @@ -118,6 +118,9 @@ func (s *server) authenticate(w http.ResponseWriter, r *http.Request) {
logger := logger.ForRequest(r, logModuleInfo)
logger.Info("Authenticating request...")

// Enforce no caching on the browser side.
w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")

var user *authenticator.User
for i, auth := range s.authenticators {
if !s.enabledAuthenticator(authenticatorsMapping[i]) {
Expand Down Expand Up @@ -292,6 +295,9 @@ func (s *server) callback(w http.ResponseWriter, r *http.Request) {

logger := logger.ForRequest(r, logModuleInfo)

// Enforce no caching on the browser side.
w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")

// Get authorization code from authorization response.
var authCode = r.FormValue("code")
if len(authCode) == 0 {
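Review bot: Both added lines (in `authenticate` and in `callback`) use `w.Header().Add`, which appends to any Cache-Control value already on the response instead of replacing it. If a wrapper or earlier code has set one (not visible in these hunks), the client receives conflicting directives and the outcome depends on how each cache merges them. `w.Header().Set("Cache-Control", "private, max-age=0, no-cache, no-store")` makes the no-store policy authoritative for these authentication responses. The identical line is also duplicated, so a small shared helper would keep the two handlers from drifting, with a test asserting the header on the early-return error paths as well as on success. Both function bodies continue outside the hunks.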
