diff --git a/public/service-worker.js b/public/service-worker.js
index 5d2f2390..47189d5c 100644
--- a/public/service-worker.js
+++ b/public/service-worker.js
@@ -5,10 +5,17 @@
 * - PWA functionality
 */
 
-const CACHE_VERSION = '0.1.1';
+const CACHE_VERSION = '0.1.2';
 const CACHE_NAME = `tractatus-v${CACHE_VERSION}`;
 const VERSION_CHECK_INTERVAL = 3600000; // 1 hour in milliseconds
 
+// Paths that should NEVER be cached (always fetch fresh from network)
+const NEVER_CACHE_PATHS = [
+ '/js/admin/', // Admin JavaScript - always fresh
+ '/api/', // API calls
+ '/admin/' // Admin pages
+];
+
 // Assets to cache immediately on install
 const CRITICAL_ASSETS = [
 '/',
@@ -61,6 +68,16 @@ self.addEventListener('fetch', (event) => {
 return;
 }
 
+ // NEVER CACHE: Admin files, API calls - always fetch fresh, never cache
+ if (NEVER_CACHE_PATHS.some(path => url.pathname.startsWith(path))) {
+ event.respondWith(
+ fetch(request).catch(() => {
+ throw new Error('Network required for admin/API resources');
+ })
+ );
+ return;
+ }
+
 // HTML files: Network-ONLY (never cache, always fetch fresh)
 // This ensures users always get the latest content without cache refresh
 if (request.destination === 'document' || url.pathname.endsWith('.html')) {
diff --git a/src/middleware/security-headers.middleware.js b/src/middleware/security-headers.middleware.js
index fd3ffdfd..9c4c5fe5 100644
--- a/src/middleware/security-headers.middleware.js
+++ b/src/middleware/security-headers.middleware.js
@@ -56,6 +56,15 @@ function securityHeadersMiddleware(req, res, next) {
 'geolocation=(), microphone=(), camera=(), payment=()'
 );
 
+ // Cache Control: NEVER cache admin files or API responses
+ if (req.path.startsWith('/admin/') ||
+ req.path.startsWith('/js/admin/') ||
+ req.path.startsWith('/api/')) {
+ res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
+ res.setHeader('Pragma', 'no-cache');
+ res.setHeader('Expires', '0');
+ }
+
 next();
 }
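Review bot: NEVER_CACHE_PATHS repeats the three prefixes that the security-headers middleware hard-codes in its own `if` (last hunk of this commit), and nothing ties the two lists together, so a prefix added on one side leaves sensitive responses cacheable on the other. A cross-reference comment on the constant would help, e.g. `// Keep in sync with the Cache-Control prefixes in src/middleware/security-headers.middleware.js`. Each entry ends in a slash, so a bare `/admin` or `/api` request would not match; if such routes exist, that is worth stating in the comment too.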
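Review bot: The bypass branch calls `fetch(request)` with the default cache mode, so the browser's HTTP cache can still answer for `/js/admin/` or `/api/` with a copy stored before the server began sending `no-store`; the service worker's own cache is skipped but the response is not guaranteed fresh. `fetch(request, { cache: 'no-store' })` would make the intent explicit (worth testing on `/admin/` page navigations, since passing an init changes how a navigation request is re-issued). The `.catch` also discards the underlying failure; `throw new Error('Network required for admin/API resources', { cause: err });` keeps it for debugging. The fetch handler starts and ends outside this hunk, so earlier early-returns that might skip this branch are not visible here.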
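Review bot: The prefix test on `req.path` is case-sensitive, while Express routing is case-insensitive unless `case sensitive routing` is enabled, so (assuming this is Express with default settings) a request to `/API/...` or `/Admin/...` would reach the same handlers without the `no-store` headers. Normalising first closes that gap: `const p = req.path.toLowerCase();` and then test `p.startsWith(...)` for each prefix. The headers are set before `next()`, so a later handler that writes its own `Cache-Control` would replace them; whether any does is not visible in this hunk. The function body starts outside the hunk.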