From ebca184522f8f597a4265f2d69dd8da132017dd0 Mon Sep 17 00:00:00 2001
From: Thang Vu
Date: Sat, 24 Aug 2024 22:52:03 +0700
Subject: [PATCH] feat(core): add default cache control header for GET session

---
 .../session-management/get-session.mdx     | 5 ++++
 packages/core/src/lib/actions/session.ts   | 9 +++++++-
 packages/core/test/actions/session.test.ts | 23 ++++++++++++++++++-
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/docs/pages/getting-started/session-management/get-session.mdx b/docs/pages/getting-started/session-management/get-session.mdx
index 4991a09b96..58f6ad6bbe 100644
--- a/docs/pages/getting-started/session-management/get-session.mdx
+++ b/docs/pages/getting-started/session-management/get-session.mdx
@@ -173,3 +173,8 @@ app.get("/", (req, res) => {
 If you'd like to extend your session with more fields from your OAuth provider, for example, please check out our ["extending the session" guide](/guides/extending-the-session).
+
+
+  By default, GET requests to the session endpoint will automatically return the
+  headers to prevent caching.
+
diff --git a/packages/core/src/lib/actions/session.ts b/packages/core/src/lib/actions/session.ts
index 7ff6f7f357..cd2d815cde 100644
--- a/packages/core/src/lib/actions/session.ts
+++ b/packages/core/src/lib/actions/session.ts
@@ -24,7 +24,14 @@ export async function session(
 
   const response: ResponseInternal = {
     body: null,
-    headers: { "Content-Type": "application/json" },
+    headers: {
+      "Content-Type": "application/json",
+      ...(!isUpdate && {
+        "Cache-Control": "private, no-cache, no-store",
+        Expires: "0",
+        Pragma: "no-cache",
+      }),
+    },
     cookies,
   }
 
diff --git a/packages/core/test/actions/session.test.ts b/packages/core/test/actions/session.test.ts
index 963a839e7f..a5d46894cd 100644
--- a/packages/core/test/actions/session.test.ts
+++ b/packages/core/test/actions/session.test.ts
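Review bot: The `...(!isUpdate && { ... })` spread is the only thing that decides which responses carry the no-cache headers, and nothing in the hunk says why the session-update path is left out, so a later change to how `isUpdate` is derived has no hint that the omission is deliberate. A why-comment above the spread would settle it, e.g. `// GET responses carry user data and may be stored by browsers/proxies; the update path is excluded on purpose — keep the gate in sync with how isUpdate is set.` It is also worth stating in that comment that `no-store` is the directive that actually forbids storing the body and that `no-cache`, `Expires: 0` and `Pragma: no-cache` are kept for older HTTP/1.0-style intermediaries, so nobody "simplifies" them away later. The `session()` signature where `isUpdate` comes from starts above the hunk, so whether it can be undefined on the GET path is not visible here.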
@@ -16,6 +16,15 @@ import {
   SESSION_COOKIE_NAME,
 } from "../utils.js"
 
+const assertResponseHeaders = (response: Response) => {
+  expect(response.headers.get("Content-Type")).toEqual("application/json")
+  expect(response.headers.get("Cache-Control")).toEqual(
+    "private, no-cache, no-store"
+  )
+  expect(response.headers.get("Expires")).toEqual("0")
+  expect(response.headers.get("Pragma")).toEqual("no-cache")
+}
+
 describe("assert GET session action", () => {
   beforeEach(() => {
     vi.resetAllMocks()
@@ -94,6 +103,8 @@ describe("assert GET session action", () => {
       session: expectedSession,
       token: expectedToken,
     })
+
+    assertResponseHeaders(response)
   })
 
   it("should return null if no JWT session in the requests cookies", async () => {
@@ -102,6 +113,8 @@ describe("assert GET session action", () => {
     })
     const actual = await response.json()
     expect(actual).toEqual(null)
+
+    assertResponseHeaders(response)
   })
 
   it("should return null if JWT session is invalid", async () => {
@@ -113,6 +126,8 @@ describe("assert GET session action", () => {
     })
     const actual = await response.json()
     expect(actual).toEqual(null)
+
+    assertResponseHeaders(response)
   })
 
   it("should throw invalid JWT error if salt is invalid", async () => {
@@ -132,8 +147,10 @@ describe("assert GET session action", () => {
     })
     const actual = await response.json()
-    expect(logger.error).toHaveBeenCalledOnce()
     expect(actual).toEqual(null)
+    expect(logger.error).toHaveBeenCalledOnce()
+
+    assertResponseHeaders(response)
   })
   })
 
   describe("Database strategy", () => {
@@ -209,6 +226,8 @@ describe("assert GET session action", () => {
       email: expectedUser.email,
     })
     expect(actualBodySession.expires).toEqual(currentExpires.toISOString())
+
+    assertResponseHeaders(response)
   })
 
   it("should return null in the response, and delete the session", async () => {
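Review bot: `assertResponseHeaders` is only ever called inside the "assert GET session action" blocks, so nothing exercises the other half of the new behaviour — that the update path (`isUpdate`) does not receive `Cache-Control`, `Expires` or `Pragma`; dropping the `!isUpdate` gate in session.ts would not fail any test added here. If the file has a session-update test (not visible in this patch), a negative assertion there such as `expect(response.headers.get("Cache-Control")).toBeNull()` closes that gap. The same helper is reused in every later hunk of this file, including the one at -263, so the one negative check is all that is missing. Moving `expect(logger.error)` after `expect(actual)` in the -132 hunk is harmless but unrelated to the change and would read better in its own commit.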
@@ -263,6 +282,8 @@ describe("assert GET session action", () => {
     expect(actualSessionToken).toEqual("")
     expect(actualBodySession).toEqual(null)
+
+    assertResponseHeaders(response)
   })
   })
 })