BookStack Code Mirror - bookstack/commit
Forced response cache revalidation on logged-in responses
author Dan Brown <redacted>
Fri, 8 Oct 2021 14:22:09 +0000 (15:22 +0100)
committer Dan Brown <redacted>
Fri, 8 Oct 2021 14:22:09 +0000 (15:22 +0100)
commit 41ac69adb1a4c50dc3a9341a4391969befba3e9e
tree 53fa877a258ecda995312d129841bea005f36e46
parent 55be75dee22cc481de855c7c9ee469e427e19edc
Forced response cache revalidation on logged-in responses

- Prevents authenticated responses being visible when back button
  pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
  would have prevented proxy cache issues but this adds no-store and a
  max-age option to also invalidate all caching.

Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/
app/Http/Kernel.php
app/Http/Middleware/PreventAuthenticatedResponseCaching.php [new file with mode: 0644]
tests/SecurityHeaderTest.php
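
An added example, not code from this commit or from BookStack: a small Python audit that checks whether the Cache-Control value on a logged-in response carries the directives the commit message names. The function names, the sample headers and the `max-age=0` value are assumptions; the page does not give the exact header string.

```python
# Added example: audit Cache-Control on responses served to logged-in users.
# The required set is an assumption drawn from the commit message
# (no-store plus a max-age option, alongside private); max-age=0 is assumed.

def parse_cache_control(*header_values):
    """Parse one or more Cache-Control field values into {directive: arg}."""
    directives = {}
    for value in header_values:
        for part in (value or "").split(","):
            name, _, arg = part.strip().partition("=")
            if name:
                # Directive names are case-insensitive; arguments may be quoted.
                directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_authenticated_response(*header_values):
    """Return a list of findings; an empty list means the header passes."""
    d = parse_cache_control(*header_values)
    findings = []
    if "no-store" not in d:
        findings.append("no-store missing")
    if "private" not in d and "no-store" not in d:
        findings.append("not excluded from shared caches")
    if "public" in d:
        findings.append("marked public")
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit() or int(max_age) != 0:
        findings.append("max-age is not 0")
    return findings


# Constructed sample headers, not captured from a real BookStack instance.
SAMPLES = {
    "previous default named in the commit message": "no-cache, private",
    "assumed hardened value": "max-age=0, no-store, private",
    "constructed misconfiguration": "Public, Max-Age=3600",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label}: {header!r}")
        for finding in audit_authenticated_response(header) or ["ok"]:
            print("  -", finding)
```
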