Add no-store to the Cache-Control header on auth responses

dlcs / protagonist

MIT License

7 stars 2 forks source link

Add no-store to the Cache-Control header on auth responses #916

Closed JackLewis-digirati closed 1 week ago

JackLewis-digirati commented 1 week ago

Related to #833

This PR adds a Cache-Control header of no-cache,no-store to the following endpoints:

auth/{customer}/clickthrough
auth/{customer}/token
auth/{customer}/{authService}
auth/{customer}/{authService}/logout

This should help to avoid issues where auth responses are cached incorrectly

NOTE: this header has not been added to auth/v2/probe/{customer}/{space}/{image} as this resource already has a Cache-Control value of private

garyttierney commented 1 week ago

Btw, no-cache,no-store is equivalent to no-store https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#use_cases

JackLewis-digirati commented 1 week ago

should be changed to use just no-store - thanks Gary