Dan Brown 41ac69adb1 Forced response cache revalidation on logged-in responses ...

- Prevents authenticated responses being visible when back button
  pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
  would have prevents proxy cache issues but this adds no-store and a
  max-age option to also invalidate all caching.

Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/

2021-10-08 15:22:09 +01:00

4.8 KiB

Raw Blame History

View Raw