Prevent cache of qr code

2024-11-24 08:42:17 +02:00 · 2021-04-27 15:50:18 -07:00 · 2021-04-27 15:50:18 -07:00 · 572b56619e
commit 572b56619e
parent e62387f74f
3 changed files with 10 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,12 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

+## [3.0.4] - 2021-04-27
+
+### Changed
+
+- Change qrcode endpoint for totp to try to prevent caching
+
 ## [3.0.3] - 2021-02-14

 ### Fixed
--- a/otp/twofactor/totp2fa/totp.go
+++ b/otp/twofactor/totp2fa/totp.go
@ -221,6 +221,7 @@ func (t *TOTP) GetQRCode(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "failed to encode qr code to png")
 	}

+	w.Header().Set("Cache-Control", "no-store")
 	w.Header().Set("Content-Type", "image/png")
 	w.WriteHeader(http.StatusOK)
 	_, err = io.Copy(w, buf)
--- a/otp/twofactor/totp2fa/totp_test.go
+++ b/otp/twofactor/totp2fa/totp_test.go
@ -256,6 +256,9 @@ func TestGetQRCode(t *testing.T) {
 	if got := wr.Header().Get("Content-Type"); got != "image/png" {
 		t.Error("content type wrong:", got)
 	}
+	if got := wr.Header().Get("Cache-Control"); got != "no-store" {
+		t.Error("cache control header wrong:", got)
+	}
 	if wr.Body.Len() == 0 {
 		t.Error("body should have been sizable")
 	}