mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1948 from flant/add-cache-headers 

Add Cache-control headers to token responses
pull/1957/head
Márk Sági-Kazár 5 years ago committed by GitHub
parent
7cf43fdc7e a7978890c7
commit
186a719ecb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      server/deviceflowhandlers.go
  2. 4
      server/handlers.go
  3. 16
      server/server_test.go

4
server/deviceflowhandlers.go
Unescape View File

@ -140,6 +140,10 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
PollInterval: pollIntervalSeconds,
}
// Device Authorization Response can contain cache control header according to
// https://tools.ietf.org/html/rfc8628#section-3.2
w.Header().Set("Cache-Control", "no-store")
enc := json.NewEncoder(w)
enc.SetEscapeHTML(false)
enc.SetIndent("", " ")

4
server/handlers.go
Unescape View File

@ -1476,6 +1476,10 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenRespon
}
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
// Token response must include cache headers https://tools.ietf.org/html/rfc6749#section-5.1
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Pragma", "no-cache")
w.Write(data)
}

16
server/server_test.go
Unescape View File

@ -395,6 +395,12 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
}
return fmt.Errorf("unexpected response: %s", dump)
}
if resp.Header.Get("Cache-Control") != "no-store" {
return fmt.Errorf("cache-control header doesn't included in token response")
}
if resp.Header.Get("Pragma") != "no-cache" {
return fmt.Errorf("pragma header doesn't included in token response")
}
return nil
},
},
@ -423,6 +429,12 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
}
return fmt.Errorf("unexpected response: %s", dump)
}
if resp.Header.Get("Cache-Control") != "no-store" {
return fmt.Errorf("cache-control header doesn't included in token response")
}
if resp.Header.Get("Pragma") != "no-cache" {
return fmt.Errorf("pragma header doesn't included in token response")
}
return nil
},
},
@ -701,6 +713,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
checkErrorResponse(err, t, tc)
return
}
if err != nil {
t.Errorf("failed to exchange code for token: %v", err)
return
@ -1515,6 +1528,9 @@ func TestOAuth2DeviceFlow(t *testing.T) {
if resp.StatusCode != http.StatusOK {
t.Errorf("%v - Unexpected Response Type. Expected 200 got %v. Response: %v", tc.name, resp.StatusCode, string(responseBody))
}
if resp.Header.Get("Cache-Control") != "no-store" {
t.Errorf("Cache-Control header doesn't exist in Device Code Response")
}
// Parse the code response
var deviceCode deviceCodeResponse

Write Preview
Loading…
Cancel
Save