Open ctiijima opened 4 years ago
@t-fine, assigning this to you, since you own this code now. I think the anax squad (ling and lily) have already dealt with this same issue in the golang rest api for agbot and css, so check with them for the code fix.
The cache-control and pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.
URL: https://icp-console.apps.redacted.com/edge-sdo-ocs/api/version
Whenever possible, ensure the cache-control HTTP header is set with no-cache, no-store, must-revalidate; and that the pragma HTTP header is set with no-cache.
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching
A similar issue was found on the agbot api last year: https://github.com/open-horizon/anax/issues/1174
See this agbot code for the solution: https://github.com/open-horizon/anax/blob/10323c7f49e39c0d222d452011868eda000399d9/agreementbot/api.go#L168
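
The fix requested above, sketched as an added example (not code from the open-horizon repositories): a Go `net/http` middleware that sets both headers on every response, plus a check that reports which required values a response lacks. `noCache`, `missingDirectives` and `probe` are hypothetical names, and the handler's response body is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// noCache sets the anti-caching headers before the wrapped handler runs, so error responses carry them too.
func noCache(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
		w.Header().Set("Pragma", "no-cache")
		next.ServeHTTP(w, r)
	})
}

// missingDirectives lists the required header values that are absent from h.
func missingDirectives(h http.Header) []string {
	var missing []string
	cc := strings.ToLower(strings.Join(h.Values("Cache-Control"), ","))
	have := map[string]bool{}
	for _, d := range strings.Split(cc, ",") {
		have[strings.TrimSpace(d)] = true
	}
	for _, want := range []string{"no-cache", "no-store", "must-revalidate"} {
		if !have[want] {
			missing = append(missing, "Cache-Control: "+want)
		}
	}
	if !strings.EqualFold(strings.TrimSpace(h.Get("Pragma")), "no-cache") {
		missing = append(missing, "Pragma: no-cache")
	}
	return missing
}

// probe sends an in-memory GET for /api/version through h and audits the response headers.
func probe(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/api/version", nil))
	return missingDirectives(rec.Result().Header)
}

func main() {
	// Constructed stand-in for the version endpoint; the body is made up.
	version := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "1.0.0") })
	fmt.Println("unwrapped:", probe(version))
	fmt.Println("wrapped:  ", probe(noCache(version)))
}
```

Wrapping the router once, rather than setting the headers inside each handler, keeps newly added endpoints covered by default.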