The API endpoints, such as the one that retrieves private AI keys (/private-ai-keys), were missing standard HTTP Cache-Control headers.
This posed a risk as the server did not explicitly tell the client not to save the data, thus browsers and network proxies can automatically cache the response.
To fix this, the API response has added the following header: Cache-Control: no-store, no-cache, must-revalidate, private
This commit details the middleware that was implemented to address this issue.
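An added example, not the commit's own code: the page does not show the middleware or name its framework, so this sketch assumes a plain WSGI application and uses hypothetical names (`NoStoreMiddleware`, `demo_app`, `cache_control_of`). It forces the header value quoted above onto every response, replaces any weaker value a handler set, and includes an in-process check against a constructed `/private-ai-keys` handler.

```python
from wsgiref.util import setup_testing_defaults

# Header value taken from the commit message above.
NO_STORE = "no-store, no-cache, must-revalidate, private"


class NoStoreMiddleware:
    """WSGI middleware (assumed stack) that forces Cache-Control on every response."""

    def __init__(self, app, value=NO_STORE):
        self.app, self.value = app, value

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # Drop any Cache-Control the handler set so a weaker value cannot survive.
            kept = [(k, v) for k, v in headers if k.lower() != "cache-control"]
            kept.append(("Cache-Control", self.value))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched)


def demo_app(environ, start_response):
    """Constructed stand-in for the API; the key value is a placeholder."""
    if environ["PATH_INFO"] == "/private-ai-keys":
        # Simulates a handler that wrongly marks a secret response as cacheable.
        start_response("200 OK", [("Content-Type", "application/json"),
                                  ("Cache-Control", "public, max-age=3600")])
        return [b'{"key": "PLACEHOLDER"}']
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def cache_control_of(app, path):
    """Call a WSGI app in-process; return (status, list of Cache-Control values)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, headers

    list(app(environ, start_response))  # drain the response body
    return seen["status"], [v for k, v in seen["headers"] if k.lower() == "cache-control"]


if __name__ == "__main__":
    print(cache_control_of(NoStoreMiddleware(demo_app), "/private-ai-keys"))
```

Returning the header as a list lets a regression test catch duplicate or conflicting `Cache-Control` values, not just a missing one.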