fix(security): explicitly declare cache-control header instead of using middleware

This commit reverts 1f6f389ff2
2025-12-20 15:30:39 +01:00 · 2022-03-18 11:56:16 -04:00
parent 2f2ed6c3ad
commit 38ca73c493
8 changed files with 9 additions and 18 deletions
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -420,6 +420,10 @@ helpers.formatApiResponse = async (statusCode, res, payload) => {
 	}

 	if (String(statusCode).startsWith('2')) {
+		if (res.req.loggedIn) {
+			res.set('cache-control', 'private');
+		}
+
 		res.status(statusCode).json({
 			status: {
 				code: 'ok',