Also set no-store when we set no-cache in response cache control headers (#22842)
parent
20770811a4
commit
ef9a3662d6
|
|
@ -187,7 +187,8 @@ namespace Microsoft.AspNetCore.Hosting
|
|||
return context =>
|
||||
{
|
||||
context.Response.StatusCode = 500;
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache,no-store";
|
||||
context.Response.Headers[HeaderNames.Pragma] = "no-cache";
|
||||
context.Response.ContentType = "text/html; charset=utf-8";
|
||||
return errorPage.ExecuteAsync(context);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -284,7 +284,8 @@ namespace Microsoft.AspNetCore.Hosting
|
|||
return context =>
|
||||
{
|
||||
context.Response.StatusCode = 500;
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache,no-store";
|
||||
context.Response.Headers[HeaderNames.Pragma] = "no-cache";
|
||||
return errorPage.ExecuteAsync(context);
|
||||
};
|
||||
}
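Review bot: This delegate sets the status code and the cache headers but, in the visible lines, never sets a Content-Type, while the otherwise identical delegate in the other hosting file sets `text/html; charset=utf-8` before calling `errorPage.ExecuteAsync`. If the error page does not set the type itself, the 500 response goes out without a declared type and charset, and the client is left to sniff a page that may echo exception text. Consider adding `context.Response.ContentType = "text/html; charset=utf-8";` after the Pragma line, or moving the header setup into one helper shared by both delegates so the two cannot drift. The enclosing method starts and ends outside the hunk.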
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ namespace Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore
|
|||
/// <param name="logger">The <see cref="Logger{T}"/> to write messages to.</param>
|
||||
/// <param name="options">The options to control the behavior of the middleware.</param>
|
||||
public MigrationsEndPointMiddleware(
|
||||
RequestDelegate next,
|
||||
ILogger<MigrationsEndPointMiddleware> logger,
|
||||
RequestDelegate next,
|
||||
ILogger<MigrationsEndPointMiddleware> logger,
|
||||
IOptions<MigrationsEndPointOptions> options)
|
||||
{
|
||||
if (next == null)
|
||||
|
|
@ -80,7 +80,7 @@ namespace Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore
|
|||
|
||||
context.Response.StatusCode = (int)HttpStatusCode.NoContent;
|
||||
context.Response.Headers.Add("Pragma", new[] { "no-cache" });
|
||||
context.Response.Headers.Add("Cache-Control", new[] { "no-cache" });
|
||||
context.Response.Headers.Add("Cache-Control", new[] { "no-cache,no-store" });
|
||||
|
||||
_logger.MigrationsApplied(db.GetType().FullName);
|
||||
}
|
||||
|
|
@ -147,7 +147,7 @@ namespace Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore
|
|||
{
|
||||
response.StatusCode = (int)HttpStatusCode.BadRequest;
|
||||
response.Headers.Add("Pragma", new[] { "no-cache" });
|
||||
response.Headers.Add("Cache-Control", new[] { "no-cache" });
|
||||
response.Headers.Add("Cache-Control", new[] { "no-cache,no-store" });
|
||||
response.ContentType = "text/plain";
|
||||
|
||||
// Padding to >512 to ensure IE doesn't hide the message
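Review bot: `context.Response.Headers.Add("Cache-Control", new[] { "no-cache,no-store" });` still goes through `Add`, which throws when the header is already present, so a component earlier in the pipeline that set Cache-Control would turn this response into an exception instead of getting the stricter value. The same applies to `response.Headers.Add(...)` on the 400 path in the later hunk. Every other call site in this commit assigns through the indexer, which overwrites unconditionally: `context.Response.Headers[HeaderNames.CacheControl] = "no-cache,no-store";`, and likewise for Pragma (this needs `Microsoft.Net.Http.Headers` in scope if the file does not already import it). Both enclosing methods begin outside the visible hunks.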
|
||||
|
|
|
|||
|
|
@ -153,7 +153,7 @@ namespace Microsoft.AspNetCore.Diagnostics
|
|||
private static Task ClearCacheHeaders(object state)
|
||||
{
|
||||
var headers = ((HttpResponse)state).Headers;
|
||||
headers[HeaderNames.CacheControl] = "no-cache";
|
||||
headers[HeaderNames.CacheControl] = "no-cache,no-store";
|
||||
headers[HeaderNames.Pragma] = "no-cache";
|
||||
headers[HeaderNames.Expires] = "-1";
|
||||
headers.Remove(HeaderNames.ETag);
|
||||
|
|
|
|||
|
|
@ -164,9 +164,8 @@ namespace Microsoft.AspNetCore.Diagnostics
|
|||
Assert.Equal(HttpStatusCode.InternalServerError, response.StatusCode);
|
||||
Assert.Equal(expectedResponseBody, await response.Content.ReadAsStringAsync());
|
||||
IEnumerable<string> values;
|
||||
Assert.True(response.Headers.TryGetValues("Cache-Control", out values));
|
||||
Assert.Single(values);
|
||||
Assert.Equal("no-cache", values.First());
|
||||
Assert.True(response.Headers.CacheControl.NoCache);
|
||||
Assert.True(response.Headers.CacheControl.NoStore);
|
||||
Assert.True(response.Headers.TryGetValues("Pragma", out values));
|
||||
Assert.Single(values);
|
||||
Assert.Equal("no-cache", values.First());
|
||||
|
|
@ -214,9 +213,8 @@ namespace Microsoft.AspNetCore.Diagnostics
|
|||
Assert.Equal(HttpStatusCode.InternalServerError, response.StatusCode);
|
||||
Assert.Equal(expectedResponseBody, await response.Content.ReadAsStringAsync());
|
||||
IEnumerable<string> values;
|
||||
Assert.True(response.Headers.TryGetValues("Cache-Control", out values));
|
||||
Assert.Single(values);
|
||||
Assert.Equal("no-cache", values.First());
|
||||
Assert.True(response.Headers.CacheControl.NoCache);
|
||||
Assert.True(response.Headers.CacheControl.NoStore);
|
||||
Assert.True(response.Headers.TryGetValues("Pragma", out values));
|
||||
Assert.Single(values);
|
||||
Assert.Equal("no-cache", values.First());
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ namespace Microsoft.AspNetCore.Session
|
|||
response.Cookies.Append(_options.Cookie.Name, _cookieValue, cookieOptions);
|
||||
|
||||
var responseHeaders = response.Headers;
|
||||
responseHeaders[HeaderNames.CacheControl] = "no-cache";
|
||||
responseHeaders[HeaderNames.CacheControl] = "no-cache,no-store";
|
||||
responseHeaders[HeaderNames.Pragma] = "no-cache";
|
||||
responseHeaders[HeaderNames.Expires] = "-1";
|
||||
}
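Review bot: The header block has no comment saying why `no-store` is needed here, and the reason is not obvious from the Cache-Control assignment alone. The response has just had the session cookie appended, so any cache that stores the response could hand the same Set-Cookie to a different client; `no-cache` by itself only forces revalidation and does not forbid storing. I would add above `var responseHeaders = response.Headers;` a comment such as `// Response carries the session cookie: forbid storing it, not only reuse without revalidation.` The same comment fits `ApplyHeaders` in CookieAuthenticationHandler, which sets the same headers. The enclosing method starts outside the hunk.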
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
public class CookieAuthenticationHandler : SignInAuthenticationHandler<CookieAuthenticationOptions>
|
||||
{
|
||||
private const string HeaderValueNoCache = "no-cache";
|
||||
private const string HeaderValueNoCacheNoStore = "no-cache,no-store";
|
||||
private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
|
||||
private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
|
||||
|
||||
|
|
@ -374,7 +375,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
|
||||
private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationProperties properties)
|
||||
{
|
||||
Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
|
||||
Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCacheNoStore;
|
||||
Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
|
||||
Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
|
||||
|
||||
|
|
|
|||
|
|
@ -138,6 +138,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
|||
Assert.DoesNotContain("; expires=", setCookie);
|
||||
Assert.DoesNotContain("; domain=", setCookie);
|
||||
Assert.DoesNotContain("; secure", setCookie);
|
||||
Assert.True(transaction.Response.Headers.CacheControl.NoCache);
|
||||
Assert.True(transaction.Response.Headers.CacheControl.NoStore);
|
||||
Assert.Equal("no-cache", transaction.Response.Headers.Pragma.ToString());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
|
|
|||
|
|
@ -35,7 +35,8 @@ namespace Microsoft.AspNetCore.Http.Connections.Internal.Transports
|
|||
public async Task ProcessRequestAsync(HttpContext context, CancellationToken token)
|
||||
{
|
||||
context.Response.ContentType = "text/event-stream";
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache";
|
||||
context.Response.Headers[HeaderNames.CacheControl] = "no-cache,no-store";
|
||||
context.Response.Headers[HeaderNames.Pragma] = "no-cache";
|
||||
|
||||
// Make sure we disable all response buffering for SSE
|
||||
var bufferingFeature = context.Features.Get<IHttpResponseBodyFeature>();
|
||||
|
|
|
|||
|
|
@ -31,7 +31,8 @@ namespace Microsoft.AspNetCore.Http.Connections.Tests
|
|||
await sse.ProcessRequestAsync(context, context.RequestAborted);
|
||||
|
||||
Assert.Equal("text/event-stream", context.Response.ContentType);
|
||||
Assert.Equal("no-cache", context.Response.Headers["Cache-Control"]);
|
||||
Assert.Equal("no-cache,no-store", context.Response.Headers["Cache-Control"]);
|
||||
Assert.Equal("no-cache", context.Response.Headers["Pragma"]);
|
||||
}
|
||||
}
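Review bot: `Assert.Equal("no-cache,no-store", context.Response.Headers["Cache-Control"]);` compares the raw header string, so the test fails on a harmless change of directive order or spacing, while the other tests touched by this commit check the parsed `CacheControl.NoCache` and `CacheControl.NoStore` flags. For consistency I would parse here too: `var cacheControl = context.Response.GetTypedHeaders().CacheControl;` followed by `Assert.True(cacheControl.NoCache);` and `Assert.True(cacheControl.NoStore);`. The test method begins outside the hunk.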
|
||||
|
||||
|
|
|
|||