Set Cache-Control: no-store

jspahrsummers · jspahrsummers · commit 63db32236e55 · 2025-02-18T14:08:07.000Z
diff --git a/src/server/auth/handlers/authorize.ts b/src/server/auth/handlers/authorize.ts
@@ -52,6 +52,8 @@ export function authorizationHandler({ provider, rateLimit: rateLimitConfig }: A
 
   // Define the handler
   router.all("/", async (req, res) => {
+    res.setHeader('Cache-Control', 'no-store');
+
     let client_id, redirect_uri;
     try {
       const data = req.method === 'POST' ? req.body : req.query;
diff --git a/src/server/auth/handlers/register.ts b/src/server/auth/handlers/register.ts
@@ -63,6 +63,8 @@ export function clientRegistrationHandler({
   }
 
   router.post("/", async (req, res) => {
+    res.setHeader('Cache-Control', 'no-store');
+
     let clientMetadata;
     try {
       clientMetadata = OAuthClientMetadataSchema.parse(req.body);
diff --git a/src/server/auth/handlers/revoke.ts b/src/server/auth/handlers/revoke.ts
@@ -48,6 +48,8 @@ export function revocationHandler({ provider, rateLimit: rateLimitConfig }: Revo
   router.use(authenticateClient({ clientsStore: provider.clientsStore }));
 
   router.post("/", async (req, res) => {
+    res.setHeader('Cache-Control', 'no-store');
+
     let revocationRequest;
     try {
       revocationRequest = OAuthTokenRevocationRequestSchema.parse(req.body);
diff --git a/src/server/auth/handlers/token.ts b/src/server/auth/handlers/token.ts
@@ -59,6 +59,8 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }: TokenHand
   router.use(authenticateClient({ clientsStore: provider.clientsStore }));
 
   router.post("/", async (req, res) => {
+    res.setHeader('Cache-Control', 'no-store');
+
     let grant_type;
     try {
       ({ grant_type } = TokenRequestSchema.parse(req.body));

Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,8 @@ export function clientRegistrationHandler({`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`router.post("/", async (req, res) => {`
	`66`	`+ res.setHeader('Cache-Control', 'no-store');`
	`67`	`+`
`66`	`68`	`let clientMetadata;`
`67`	`69`	`try {`
`68`	`70`	`clientMetadata = OAuthClientMetadataSchema.parse(req.body);`