Add no-store to OpenIdConnectHandler cache-control response headers (#10318). (#10741)

2019-06-04 22:52:16 +08:00 · 2019-06-04 22:52:16 +08:00 · 544a01ae0a
parent 45b0d0d0de
commit 544a01ae0a
1 changed files with 2 additions and 2 deletions
--- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
@ -256,7 +256,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                Response.ContentType = "text/html;charset=UTF-8";

                // Emit Cache-Control=no-cache to prevent client caching.
-                Response.Headers[HeaderNames.CacheControl] = "no-cache";
+                Response.Headers[HeaderNames.CacheControl] = "no-cache, no-store";
                Response.Headers[HeaderNames.Pragma] = "no-cache";
                Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;

@ -442,7 +442,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                Response.ContentType = "text/html;charset=UTF-8";

                // Emit Cache-Control=no-cache to prevent client caching.
-                Response.Headers[HeaderNames.CacheControl] = "no-cache";
+                Response.Headers[HeaderNames.CacheControl] = "no-cache, no-store";
                Response.Headers[HeaderNames.Pragma] = "no-cache";
                Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;