Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: All responses now contain headers to not cache them #465

Merged
merged 1 commit into from
Aug 21, 2020
Merged

fix: All responses now contain headers to not cache them #465

merged 1 commit into from
Aug 21, 2020

Conversation

mitar
Copy link
Contributor

@mitar mitar commented Aug 16, 2020

Proposed changes

Based on https://openid.net/specs/openid-connect-core-1_0.html (non-normative examples) it looks like all responses include headers to prevent caching. I think this is reasonable. I do not see why any of OAuth responses would ever be cached.

So I just went through everything and added those headers.

Checklist

  • I have read the contributing guidelines
  • I have read the security policy
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got green light (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation within the code base (if appropriate)

@mitar mitar force-pushed the no-response-caching branch from 60b4754 to 200e37d Compare August 16, 2020 04:38
@aeneasr aeneasr merged commit 2012cb7 into ory:master Aug 21, 2020
@aeneasr
Copy link
Member

aeneasr commented Aug 21, 2020

Thank you!

@mitar mitar deleted the no-response-caching branch August 21, 2020 09:30
@aeneasr
Copy link
Member

aeneasr commented Aug 21, 2020

I was again fooled by CircleCI not running. The tests are actually broken on master, can you please address the broken changes?

https://app.circleci.com/pipelines/github/ory/fosite/19/workflows/5565d7c4-b9ac-47cd-bff3-7e62e2a72535/jobs/67

I will now enforce CI runs for merges on master, which means that we need to figure out why CircleCI is not running on your fork or I won't be able to merge your PRs any more :(

@mitar
Copy link
Contributor Author

mitar commented Aug 21, 2020

I will check. Sorry.

Have you seen this comment?

@mitar mitar mentioned this pull request Aug 22, 2020
Merged
5 tasks
@mitar
Copy link
Contributor Author

mitar commented Aug 22, 2020

Done: #466

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mitar @aeneasr