Skip to content

Commit

Permalink
Merge pull request #233 from auth0/cache-control
Browse files Browse the repository at this point in the history
Prevent caching the `/me` request
  • Loading branch information
adamjmcgrath authored Jan 11, 2021
2 parents 5c59e68 + 0d16d03 commit 7457fd6
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/handlers/profile.ts
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ export default function profileHandler(
return;
}

res.setHeader('Cache-Control', 'no-store');
res.json(session.user);
};
}
8 changes: 8 additions & 0 deletions tests/handlers/profile.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,14 @@ describe('profile handler', () => {
expect(profile).toStrictEqual({ nickname: '__test_nickname__', sub: '__test_sub__' });
});

test('should not allow caching the profile response', async () => {
const baseUrl = await setup(withoutApi);
const cookieJar = await login(baseUrl);

const { res } = await get(baseUrl, '/api/auth/me', { cookieJar, fullResponse: true });
expect(res.headers['cache-control']).toEqual('no-store');
});

test('should throw if re-fetching with no Access Token', async () => {
const afterCallback: AfterCallback = (_req, _res, session: Session): Session => {
delete session.accessToken;
Expand Down

0 comments on commit 7457fd6

Please sign in to comment.