From db7247c91163a98f41a1e096ccfa97cbc9e14904 Mon Sep 17 00:00:00 2001
From: Thomas Berezansky
Date: Thu, 14 Jun 2012 13:41:33 -0400
Subject: [PATCH] TPac: Disable caching for auth-required pages
To make back buttons less likely to show sensitive info.
Signed-off-by: Thomas Berezansky
Signed-off-by: Michael Peters
Signed-off-by: Dan Scott
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index 63f919aaaf..01cae1cf22 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -159,6 +159,10 @@ sub load {
 # ----------------------------------------------------------------
 return $self->redirect_auth unless $self->editor->requestor;
+ # Don't cache anything requiring auth for security reasons
+ $self->apache->headers_out->add("cache-control" => "no-store, no-cache, must-revalidate");
+ $self->apache->headers_out->add("expires" => "-1");
+ return $self->load_email_record if $path =~ m|opac/record/email|;
 return $self->load_place_hold if $path =~ m|opac/place_hold|;
-- 
2.11.0
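Review bot: Both added `headers_out->add(...)` calls append to the response header table instead of replacing an entry, so a `Cache-Control` or `Expires` value set earlier in the same request would still be sent next to the new one; `set` states the intent directly: `$self->apache->headers_out->set("Cache-Control" => "no-store, no-cache, must-revalidate");`. In mod_perl, `headers_out` is generally not emitted on error responses or on redirects returned as a status, so if the authenticated pages dispatched below can answer that way, `err_headers_out` is the table that reaches every response. A `Pragma: no-cache` header would additionally cover HTTP/1.0 intermediaries that ignore `Cache-Control`. `load` starts and continues outside this hunk, so it is not visible here whether any auth-gated path returns before these lines run.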