Security: Refactor cache headers, auth token validation & UI #782 #808

Signed-off-by: Michael Mayer <michael@photoprism.app>
Michael Mayer
2024-01-17 14:16:02 +01:00
parent 0c4cd8d1b9
commit 2912ac9464
21 changed files with 367 additions and 197 deletions


@@ -20,9 +20,6 @@ import (
// POST /api/v1/sessions
func CreateSession(router *gin.RouterGroup) {
createSessionHandler := func(c *gin.Context) {
// Disable caching of responses.
c.Header(header.CacheControl, header.CacheControlNoStore)
// Prevent CDNs from caching this endpoint.
if header.IsCdn(c.Request) {
AbortNotFound(c)
@@ -40,6 +37,9 @@ func CreateSession(router *gin.RouterGroup) {
return
}
// Disable caching of responses.
c.Header(header.CacheControl, header.CacheControlNoStore)
conf := get.Config()
// Skip authentication if app is running in public mode.
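Review bot: The error responses sent before the relocated `c.Header(header.CacheControl, header.CacheControlNoStore)` call no longer carry that header; this covers the `AbortNotFound(c)` reply in the `header.IsCdn` branch and the `return` visible at the top of the second hunk. Whether that matters depends on what the Abort helpers set themselves, which is not visible here; if they set nothing, caching of those replies on the session endpoint is left to whatever sits in front of the server. If the move is deliberate, record it next to the call with a comment such as `// Early error responses above are intentionally sent without no-store.`; otherwise keep the header call as the first statement of the handler. The handler body begins before and continues past the visible hunks, so the paths in between should be checked as well.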