john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Prevent cache-control middleware from caching API responses

Browse source 
The catch-all else clause in the cache-control middleware was overriding
the security middleware's no-cache headers for /api/ paths, setting them
to 'public, max-age=3600'. This caused browsers to cache stale API
responses, resulting in the blog page showing "0 posts found" despite
the API having data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
TheFlow 2026-02-09 15:57:18 +13:00
parent 976bb4e5f4
commit 2928ddd439
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/server.js
View file

@ -114,7 +114,13 @@ app.use((req, res, next) => {
else if (path === '/manifest.json') {
res.setHeader('Cache-Control', 'public, max-age=86400'); // 1 day
}
// Everything else: Short cache
// API responses: NEVER cache (security middleware sets this too, but catch-all below would override)
else if (path.startsWith('/api/')) {
res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
res.setHeader('Pragma', 'no-cache');
res.setHeader('Expires', '0');
}
// Everything else (static assets without extensions): Short cache
else {
res.setHeader('Cache-Control', 'public, max-age=3600'); // 1 hour
}