Merge pull request #387 from devforth/forbidCacheForGetBaseConfig

fix: add cache control headers to get_base_config endpoint

Author: ivictbor

adminforth/modules/restApi.ts

@@ -286,7 +286,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
     server.endpoint({
       method: 'GET',
       path: '/get_base_config',
-      handler: async ({input, adminUser, cookies, tr}): Promise<GetBaseConfigResponse>=> {
+      handler: async ({input, adminUser, cookies, tr, response}): Promise<GetBaseConfigResponse>=> {
         let username = ''
         let userFullName = ''
 
@@ -295,6 +295,11 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           throw new Error('No config.auth defined');
         }
 
+        response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
+        response.setHeader('Pragma', 'no-cache');
+        response.setHeader('Expires', '0');
+        response.setHeader('Surrogate-Control', 'no-store');
+
         const dbUser = adminUser.dbUser;
         username = dbUser[this.adminforth.config.auth.usernameField]; 
         userFullName = dbUser[this.adminforth.config.auth.userFullNameField];