cache: Enforce no-caching on the client side
Adding HTTP headers to enforce that requests are not cached by the browser.
jfrabaute authored and ajhfok committed Jul 7, 2023
1 parent 4e205ff commit c0752e7
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions server.go
@@ -101,6 +101,9 @@ func (s *server) authenticate(w http.ResponseWriter, r *http.Request) {
logger := logger.ForRequest(r, logModuleInfo)
logger.Info("Authenticating request...")

// Enforce no caching on the browser side.
w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")

var user *authenticator.User
for i, auth := range s.authenticators {
logger.Infof("%s starting...", strings.Title(authenticatorsMapping[i]))
@@ -206,6 +209,9 @@ func (s *server) callback(w http.ResponseWriter, r *http.Request) {

logger := logger.ForRequest(r, logModuleInfo)

// Enforce no caching on the browser side.
w.Header().Add("Cache-Control", "private, max-age=0, no-cache, no-store")

// Get authorization code from authorization response.
var authCode = r.FormValue("code")
if len(authCode) == 0 {
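Review bot: Both new lines call `w.Header().Add`, which appends to any `Cache-Control` value already on the response instead of replacing it, so if a wrapping handler outside this diff has set one, the response carries two sets of directives and the result depends on how each cache resolves the conflict. For `authenticate` and `callback`, which deal with credentials and the authorization `code`, `w.Header().Set("Cache-Control", "private, max-age=0, no-cache, no-store")` makes the policy unconditional. The comment could read `// Forbid any cache (browser or intermediary) from storing this response.`, since `no-store` is not limited to the browser. The identical line is repeated in both handlers, and both bodies continue outside the hunks, so whether a later code path overwrites the header cannot be checked from here.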
