fix: set no-store cache control on jwt renew response

9 months ago · 904260fd44
1 changed files with 3 additions and 0 deletions
--- a/server/core/auth.js
+++ b/server/core/auth.js
@ -156,6 +156,9 @@ module.exports = {
          } else {
            res.cookie('jwt', newToken.token, { expires: DateTime.utc().plus({ days: 365 }).toJSDate() })
          }
+
+          // Avoid caching this response
+          res.set('Cache-Control', 'no-store')
        } catch (errc) {
          WIKI.logger.warn(errc)
          return next()