From: Thomas Berezansky
Date: Thu, 14 Jun 2012 17:41:33 +0000 (-0400)
Subject: TPac: Disable caching for auth-required pages
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=db7247c91163a98f41a1e096ccfa97cbc9e14904;p=evergreen%2Fequinox.git

TPac: Disable caching for auth-required pages

To make back buttons less likely to show sensitive info.

Signed-off-by: Thomas Berezansky
Signed-off-by: Michael Peters
Signed-off-by: Dan Scott
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index 63f919aaaf..01cae1cf22 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -159,6 +159,10 @@ sub load {
 # ----------------------------------------------------------------
 return $self->redirect_auth unless $self->editor->requestor;
+ # Don't cache anything requiring auth for security reasons
+ $self->apache->headers_out->add("cache-control" => "no-store, no-cache, must-revalidate");
+ $self->apache->headers_out->add("expires" => "-1");
+
 return $self->load_email_record if $path =~ m|opac/record/email|;
 return $self->load_place_hold if $path =~ m|opac/place_hold|;
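Review bot: The two `headers_out->add(...)` calls after the `redirect_auth` check append instead of replacing, so if a `cache-control` or `expires` value is already on the response (set earlier in `load` or by server configuration, neither visible here) the client receives duplicate or conflicting values, and caches differ in how they handle that. Using `set` makes the policy authoritative: `$self->apache->headers_out->set("cache-control" => "no-store, no-cache, must-revalidate");`, and likewise for `expires`. Apache also drops `headers_out` when a handler finishes with a redirect or error status, so if any of the auth-only loaders dispatched below return that way, those responses go out without the directive; `err_headers_out` covers both outcomes. The comment could also say that `no-store` is the directive that keeps the page out of the browser's history cache, since that is the stated goal of the commit. `load` begins and continues outside this hunk.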