Override "cache-control: no-cache, no-store"?

andrewlock / NetEscapades.AspNetCore.SecurityHeaders

Small package to allow adding security headers to ASP.NET Core websites

MIT License

704 stars 73 forks source link

Override "cache-control: no-cache, no-store"? #201

Closed brianrutter closed 2 months ago

brianrutter commented 2 months ago

Would there be a way to override the header "cache-control: no-cache, no-store" that asp.net adds when there is a __RequestVerificationToken? This gives a "Resubmit the form" message on the back button to the users. I would prefer to leave out the "no-store" on the header.

thanks!

andrewlock commented 2 months ago

I think that's outside the purview of this library, and given it lowers the security as I understand it (it shouldn't be cached i think), it is not something I would want to do I think 😁

brianrutter commented 2 months ago

ok thanks!