cache: Enforce no-caching on the client side

Adding http headers to enforce requests are not cached by the browser.
aristanetworks · Jul 11, 2023 · 7afd99f · 7afd99f
1 parent c824f09
commit 7afd99f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/server.go b/server.go
@@ -165,6 +165,9 @@ func (s *server) authenticate(w http.ResponseWriter, r *http.Request, promptLogi
 	logger := common.LoggerForRequest(r, logModuleInfo)
 	logger.Info("Authenticating request...")
 
+	// Enforce no caching on the browser side.
+	w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")
+
 	// Try each one of the available enabled authenticators, if none of them
 	// achieves to authenticate the request then userInfo will be nil and
 	// Authorization Code Flow will begin.
@@ -374,6 +377,9 @@ func (s *server) callback(w http.ResponseWriter, r *http.Request) {
 
 	logger := common.LoggerForRequest(r, logModuleInfo)
 
+	// Enforce no caching on the browser side.
+	w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")
+
 	// Get authorization code from authorization response.
 	var authCode = r.FormValue("code")
 	if len(authCode) == 0 {