Add Cache-control headers to token responses

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-01-18 11:10:00 +04:00
parent 3650fe2287
commit a7978890c7
3 changed files with 24 additions and 0 deletions
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1476,6 +1476,10 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenRespon
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.Header().Set("Content-Length", strconv.Itoa(len(data)))
+
+	// Token response must include cache headers https://tools.ietf.org/html/rfc6749#section-5.1
+	w.Header().Set("Cache-Control", "no-store")
+	w.Header().Set("Pragma", "no-cache")
 	w.Write(data)
 }