7c4dc981cd
Previously we'd prevent caching of authed responses for security (prevent back cache or proxy caching) but caching could still be an issue in non-auth scenarios due to CSRF (eg. returning to login screen after session expiry). For #4600
28 lines
644 B
PHP
28 lines
644 B
PHP
<?php
|
|
|
|
namespace BookStack\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class PreventResponseCaching
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Closure $next
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function handle($request, Closure $next)
|
|
{
|
|
/** @var Response $response */
|
|
$response = $next($request);
|
|
|
|
$response->headers->set('Cache-Control', 'no-cache, no-store, private');
|
|
$response->headers->set('Expires', 'Sun, 12 Jul 2015 19:01:00 GMT');
|
|
|
|
return $response;
|
|
}
|
|
}
|