mirror of https://github.com/volatiletech/authboss.git synced 2024-11-24 08:42:17 +02:00

Prevent cache of qr code

Aaron L 2021-04-27 15:50:18 -07:00
parent e62387f74f
commit 572b56619e
3 changed files with 10 additions and 0 deletions


@ -3,6 +3,12 @@
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## [3.0.4] - 2021-04-27
### Changed
- Change qrcode endpoint for totp to try to prevent caching
## [3.0.3] - 2021-02-14 ## [3.0.3] - 2021-02-14
### Fixed ### Fixed


@ -221,6 +221,7 @@ func (t *TOTP) GetQRCode(w http.ResponseWriter, r *http.Request) error {
return errors.Wrap(err, "failed to encode qr code to png") return errors.Wrap(err, "failed to encode qr code to png")
} }
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Content-Type", "image/png") w.Header().Set("Content-Type", "image/png")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
_, err = io.Copy(w, buf) _, err = io.Copy(w, buf)
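Review bot: The added `w.Header().Set("Cache-Control", "no-store")` line in GetQRCode has no comment saying why this response must not be cached, and the reason is security-relevant rather than cosmetic. If, as the handler name and changelog entry suggest, the PNG encodes the user's TOTP enrollment secret, a copy left in a browser or shared cache would outlive the setup step; I would put `// The QR code carries the TOTP enrollment secret, so no browser or proxy cache may store it.` above the line. HTTP/1.0 intermediaries ignore Cache-Control, so adding `w.Header().Set("Pragma", "no-cache")` beside it would cover them too, with a matching assertion in TestGetQRCode. The function body starts and ends outside this hunk, so the error paths before the header is set were not reviewed.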


@ -256,6 +256,9 @@ func TestGetQRCode(t *testing.T) {
if got := wr.Header().Get("Content-Type"); got != "image/png" { if got := wr.Header().Get("Content-Type"); got != "image/png" {
t.Error("content type wrong:", got) t.Error("content type wrong:", got)
} }
if got := wr.Header().Get("Cache-Control"); got != "no-store" {
t.Error("cache control header wrong:", got)
}
if wr.Body.Len() == 0 { if wr.Body.Len() == 0 {
t.Error("body should have been sizable") t.Error("body should have been sizable")
} }