From 0906eeac8d37da5ebd4975546672d5892f696585 Mon Sep 17 00:00:00 2001
From: Vic Demuzere <vic@demuzere.be>
Date: Mon, 9 Aug 2021 15:06:33 +0200
Subject: [PATCH] Change Cache-Control on responses to no-store

Indicate that the response may not be stored in any cache. The previous
value no-cache allows caches to store encrypted secrets but asks them to
verify on every request.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

https://github.com/Luzifer/ots/issues/36
---
 api.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api.go b/api.go
index 86e061d..06dc611 100644
--- a/api.go
+++ b/api.go
@@ -95,7 +95,7 @@ func (a apiServer) handleRead(res http.ResponseWriter, r *http.Request) {
 
 func (a apiServer) jsonResponse(res http.ResponseWriter, status int, response map[string]interface{}) {
 	res.Header().Set("Content-Type", "application/json")
-	res.Header().Set("Cache-Control", "no-cache")
+	res.Header().Set("Cache-Control", "no-store, max-age=0")
 	res.WriteHeader(status)
 
 	json.NewEncoder(res).Encode(response)