myndocs / kotlin-oauth2-server

Flexible OAuth2 server library. Support for multiple frameworks
Apache License 2.0

Add Cache-Control and Pragma headers to Access Token responses #70

Closed a-p-o closed 5 years ago

a-p-o commented 5 years ago

See section 5.1 Successful Response

The authorization server MUST include the HTTP "Cache-Control" response header field [RFC2616] with a value of "no-store" in any response containing tokens, credentials, or other sensitive information, as well as the "Pragma" response header field [RFC2616] with a value of "no-cache".
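
A header check that a regression test for the token endpoint could use, added here as an example and not taken from the issue or from kotlin-oauth2-server's own code: it verifies the two header values the quoted section requires. The function names and the list-of-pairs header model are assumptions, and backslash escapes inside quoted strings are not handled.

```kotlin
// Added example: audit token-response headers against RFC 6749 section 5.1.
// Headers are modelled as name/value pairs (assumption) so repeats are preserved.

/** Directive names from comma-separated header values; commas inside quotes do not split. */
fun directives(values: List<String>): Set<String> {
    val names = mutableSetOf<String>()
    for (value in values) {
        val token = StringBuilder()
        var quoted = false
        fun flush() {
            // Keep only the directive name: "max-age=0" -> "max-age"
            val name = token.toString().substringBefore('=').trim().lowercase()
            if (name.isNotEmpty()) names += name
            token.setLength(0)
        }
        for (ch in value) {
            if (ch == '"') quoted = !quoted
            if (ch == ',' && !quoted) flush() else token.append(ch)
        }
        flush()
    }
    return names
}

/** Returns one finding per missing requirement; an empty list means compliant. */
fun auditTokenResponse(headers: List<Pair<String, String>>): List<String> {
    fun valuesOf(name: String) =
        headers.filter { it.first.equals(name, ignoreCase = true) }.map { it.second }

    val findings = mutableListOf<String>()
    val cacheControl = directives(valuesOf("Cache-Control"))
    if ("no-store" !in cacheControl) findings += "Cache-Control lacks no-store, found $cacheControl"
    val pragma = directives(valuesOf("Pragma"))
    if ("no-cache" !in pragma) findings += "Pragma lacks no-cache, found $pragma"
    return findings
}

fun main() {
    // Constructed sample responses, not captured from the library.
    val compliant = listOf(
        "Content-Type" to "application/json;charset=UTF-8",
        "cache-control" to "private, No-Store",
        "Pragma" to "no-cache"
    )
    // no-store appears only inside a quoted extension value, so it must not count.
    val lookalike = listOf("Cache-Control" to "max-age=3600, ext=\"a, no-store\"")
    check(auditTokenResponse(compliant).isEmpty())
    check(auditTokenResponse(lookalike).size == 2)
    println(auditTokenResponse(lookalike).joinToString("\n"))
}
```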