Add Cache-control headers to token responses
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
parent
3650fe2287
commit
a7978890c7
3 changed files with 24 additions and 0 deletions
|
@ -140,6 +140,10 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
|
||||||
PollInterval: pollIntervalSeconds,
|
PollInterval: pollIntervalSeconds,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Device Authorization Response can contain cache control header according to
|
||||||
|
// https://tools.ietf.org/html/rfc8628#section-3.2
|
||||||
|
w.Header().Set("Cache-Control", "no-store")
|
||||||
|
|
||||||
enc := json.NewEncoder(w)
|
enc := json.NewEncoder(w)
|
||||||
enc.SetEscapeHTML(false)
|
enc.SetEscapeHTML(false)
|
||||||
enc.SetIndent("", " ")
|
enc.SetIndent("", " ")
|
||||||
|
|
|
@ -1476,6 +1476,10 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenRespon
|
||||||
}
|
}
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
|
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
|
||||||
|
|
||||||
|
// Token response must include cache headers https://tools.ietf.org/html/rfc6749#section-5.1
|
||||||
|
w.Header().Set("Cache-Control", "no-store")
|
||||||
|
w.Header().Set("Pragma", "no-cache")
|
||||||
w.Write(data)
|
w.Write(data)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -395,6 +395,12 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
|
||||||
}
|
}
|
||||||
return fmt.Errorf("unexpected response: %s", dump)
|
return fmt.Errorf("unexpected response: %s", dump)
|
||||||
}
|
}
|
||||||
|
if resp.Header.Get("Cache-Control") != "no-store" {
|
||||||
|
return fmt.Errorf("cache-control header doesn't included in token response")
|
||||||
|
}
|
||||||
|
if resp.Header.Get("Pragma") != "no-cache" {
|
||||||
|
return fmt.Errorf("pragma header doesn't included in token response")
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -423,6 +429,12 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
|
||||||
}
|
}
|
||||||
return fmt.Errorf("unexpected response: %s", dump)
|
return fmt.Errorf("unexpected response: %s", dump)
|
||||||
}
|
}
|
||||||
|
if resp.Header.Get("Cache-Control") != "no-store" {
|
||||||
|
return fmt.Errorf("cache-control header doesn't included in token response")
|
||||||
|
}
|
||||||
|
if resp.Header.Get("Pragma") != "no-cache" {
|
||||||
|
return fmt.Errorf("pragma header doesn't included in token response")
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -701,6 +713,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
||||||
checkErrorResponse(err, t, tc)
|
checkErrorResponse(err, t, tc)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("failed to exchange code for token: %v", err)
|
t.Errorf("failed to exchange code for token: %v", err)
|
||||||
return
|
return
|
||||||
|
@ -1515,6 +1528,9 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
t.Errorf("%v - Unexpected Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
|
t.Errorf("%v - Unexpected Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
|
||||||
}
|
}
|
||||||
|
if resp.Header.Get("Cache-Control") != "no-store" {
|
||||||
|
t.Errorf("Cache-Control header doesn't exist in Device Code Response")
|
||||||
|
}
|
||||||
|
|
||||||
// Parse the code response
|
// Parse the code response
|
||||||
var deviceCode deviceCodeResponse
|
var deviceCode deviceCodeResponse
|
||||||
|
|
Reference in a new issue