

Add no-cache, no-store if a response is private (see #1389).
leofeyer committed Mar 1, 2018
1 parent aa00b1c commit 8b37ad0
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/Resources/contao/classes/FrontendTemplate.php
Expand Up @@ -374,15 +374,21 @@ private function setCacheHeaders(Response $response)
/** @var $objPage \PageModel */
global $objPage;

if (($objPage->cache === false || $objPage->cache === 0) && ($objPage->clientCache === false || $objPage->clientCache === 0))
if (($objPage->cache === false || $objPage->cache < 1) && ($objPage->clientCache === false || $objPage->clientCache < 1))
{
$response->headers->addCacheControlDirective('no-cache');
$response->headers->addCacheControlDirective('no-store');

return $response->setPrivate();
}

// Do not cache the response if a user is logged in or the page is protected
// TODO: Add support for proxies so they can vary on member context
if (FE_USER_LOGGED_IN === true || BE_USER_LOGGED_IN === true || $objPage->protected || $this->hasAuthenticatedBackendUser())
{
$response->headers->addCacheControlDirective('no-cache');
$response->headers->addCacheControlDirective('no-store');

return $response->setPrivate();
}
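Review bot: The `no-cache` / `no-store` / `setPrivate()` sequence is now repeated verbatim in both early-return branches, so a private exit path added later can easily miss one of the directives and leave a member-specific response storable; a single private helper would keep them together. In the first condition the `=== false` tests are redundant, because `false < 1` is already true under PHP's loose comparison, and `< 1` also matches `null` and negative values, which deserves a comment such as `// cache/clientCache unset, false or below 1: never store the response`. setCacheHeaders() starts and continues outside the hunk, so whether its remaining return paths call `setPrivate()` without these directives cannot be checked from here.

```php
// Proposed helper (the name is a suggestion); both branches then read
// `return $this->markUncacheable($response);`
private function markUncacheable(Response $response)
{
    $response->headers->addCacheControlDirective('no-cache');
    $response->headers->addCacheControlDirective('no-store');

    return $response->setPrivate();
}
```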
