Merge pull request #1948 from flant/add-cache-headers

Add Cache-control headers to token responses
2021-01-23 14:13:51 +01:00
parent 7cf43fdc7e a7978890c7
commit 186a719ecb
3 changed files with 24 additions and 0 deletions
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1476,6 +1476,10 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenRespon
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.Header().Set("Content-Length", strconv.Itoa(len(data)))
+
+	// Token response must include cache headers https://tools.ietf.org/html/rfc6749#section-5.1
+	w.Header().Set("Cache-Control", "no-store")
+	w.Header().Set("Pragma", "no-cache")
 	w.Write(data)
 }