fix: add Cache-Control no-store header to attestation responses #12

Merged: sangwa merged 1 commit into main from fix/no-store on Mar 26, 2026

@sangwa sangwa commented Mar 26, 2026

Attestation responses are unique per request (fresh timestamp, request ID, hardware-signed evidence) and must not be cached by proxies or clients.

Summary by CodeRabbit

  • Bug Fixes
    • Report responses are now configured to prevent caching, ensuring data freshness and improved security.

Attestation responses are unique per request (fresh timestamp, request ID,
hardware-signed evidence) and must not be cached by proxies or clients.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sangwa sangwa self-assigned this Mar 26, 2026
coderabbitai Bot commented Mar 26, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf2e26da-af1a-4db8-8b01-81e8e396faa1

📥 Commits

Reviewing files that changed from the base of the PR and between e18a936 and bc80696.

📒 Files selected for processing (1)
  • internal/attestation.go

Walkthrough

The sendReport function in internal/attestation.go has been updated to set an additional HTTP response header, Cache-Control: no-store, in addition to the existing Content-Type: application/json header. This ensures that attestation reports are not cached by intermediaries or clients. The change does not affect control flow, error handling, or response body generation.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A header so fine, with magic cache-clear,
No-store whispers softly to browsers near,
Attestations stay fresh, no duplication,
One line of wisdom guards data's location! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding a Cache-Control no-store header to attestation responses, which matches the single-line code modification in internal/attestation.go. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@sangwa sangwa merged commit ad6f959 into main Mar 26, 2026
2 checks passed
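
A regression check for the header this PR adds, as an added example that is not code from this repository. The body of `sendReport`, the `/report` path, and the helpers `cacheFindings` and `probe` are assumptions made for illustration; only the function name and the two header values come from the walkthrough above.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// sendReport is a stand-in for the handler named in the PR; its body is constructed.
func sendReport(w http.ResponseWriter, _ *http.Request) {
	id := make([]byte, 8)
	rand.Read(id) // fresh request ID, so every response body is unique
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("Cache-Control", "no-store")
	fmt.Fprintf(w, `{"request_id":%q}`, hex.EncodeToString(id))
}

// cacheFindings lints Cache-Control: no-store must be present, with nothing contradicting it.
func cacheFindings(h http.Header) []string {
	var out []string
	noStore := false
	for _, line := range h.Values("Cache-Control") {
		for _, d := range strings.Split(line, ",") {
			name, _, _ := strings.Cut(strings.ToLower(strings.TrimSpace(d)), "=")
			switch name {
			case "no-store":
				noStore = true
			case "public", "max-age", "s-maxage", "immutable":
				out = append(out, "contradictory directive: "+name)
			}
		}
	}
	if !noStore {
		out = append(out, "missing no-store")
	}
	return out
}

// probe calls the handler twice; it returns the lint findings and whether the bodies differ.
func probe(h http.HandlerFunc) ([]string, bool) {
	a, b := httptest.NewRecorder(), httptest.NewRecorder()
	h(a, httptest.NewRequest("GET", "/report", nil))
	h(b, httptest.NewRequest("GET", "/report", nil))
	return cacheFindings(a.Header()), a.Body.String() != b.Body.String()
}
func main() { fmt.Println(probe(sendReport)) }
```

An empty findings list together with differing bodies is the passing state: the responses are unique per request and marked as not storable.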