From 91634947f88fb3004b5e853598f02fbe39a55768 Mon Sep 17 00:00:00 2001
From: ThibG
Date: Fri, 3 May 2019 20:39:19 +0200
Subject: Explicitly disable storage of REST API results (#10655)
Fixes #10652
---
 app/controllers/api/base_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'app/controllers/api/base_controller.rb')
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 3a92ee4e4..eca558f42 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -9,6 +9,8 @@ class Api::BaseController < ApplicationController
 skip_before_action :store_current_location
 skip_before_action :check_user_permissions
+ before_action :set_cache_headers
+
 protect_from_forgery with: :null_session
 rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
@@ -88,4 +90,8 @@ class Api::BaseController < ApplicationController
 def authorize_if_got_token!(*scopes)
 doorkeeper_authorize!(*scopes) if doorkeeper_token
 end
+
+ def set_cache_headers
+ response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
+ end
 end
-- cgit
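Review bot: The `before_action :set_cache_headers` registration in the first hunk only covers responses produced after this callback has run. Callbacks inherited from `ApplicationController` run earlier in the chain, so a response rendered by one of them, or by a `rescue_from` handler for an exception raised before this point, would go out without the `no-store` directive. `ApplicationController` is not visible in this diff, so this may not apply; if such paths exist, `prepend_before_action :set_cache_headers` would place the callback first. A one-line comment above the registration, such as `# API responses may carry per-user data; forbid storage by browsers and intermediaries`, would record the intent for anyone who later adds `expires_in` to a subclass.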
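Review bot: `set_cache_headers` is appended after `authorize_if_got_token!` at the end of the class in the second hunk, and the hunk does not show whether a `private` or `protected` keyword is in effect there; the class body starts outside the hunk. If neither applies, the helper is a public controller method, so confirm that it sits under the existing visibility section. The diffstat lists only the controller, so no spec pins the new behaviour. A request spec that checks an API response along the lines of `expect(response.headers['Cache-Control']).to include('no-store')` would catch a regression. Asserting on the directive rather than the full literal is safer, since Rails may normalise the header value before it is sent.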