QUARKUS-7070

Add OIDC CacheControl configuration


      Fixes #50207.
      Users should be able to easily activate Cache-Control: no-store when they have concerns about such cookies being cached by HTTP intermediaries, not only when a session cookie is created but also when it is refreshed.
      Right now it can be done by monitoring OIDC events, as just returning Cache-Control: no-store in the JAX-RS code won't work by default - when the user logs in, Quarkus OIDC creates a session cookie and redirects the user to drop technical code flow parameters like code and state, so by the time the JAX-RS code is reached, the cookie has already been returned. This extra redirect dropping technical parameters can be disabled, but it is not recommended.
      The PR supports a single directive at the moment, no-store, but I'd like to experiment with a private directive before opening it for review.
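
The redirect sequence described above, as an added example that is not part of the original issue or of the Quarkus code base: a check over a constructed capture of response heads that reports which response sets the session cookie without Cache-Control: no-store. The cookie name q_session, the paths and the cookie values are assumptions of this example.

```python
# Constructed capture of the code flow (request, raw response head); not real traffic.
# The cookie name "q_session", paths and values are assumptions of this example.
CAPTURE = [
    ("GET /protected?code=abc&state=xyz",          # callback from the provider
     "HTTP/1.1 302 Found\r\nLocation: /protected\r\n"
     "Set-Cookie: q_session=constructed; Path=/; HttpOnly; Secure\r\n\r\n"),
    ("GET /protected",                             # application code runs here
     "HTTP/1.1 200 OK\r\nCache-Control: no-store\r\n\r\n"),
    ("GET /protected/later",                       # cookie re-issued with no-store
     "HTTP/1.1 200 OK\r\nCache-Control: no-store\r\n"
     "Set-Cookie: q_session=constructed2; Path=/; HttpOnly; Secure\r\n\r\n"),
]

def parse_head(raw):
    """Return (status, [(lowercased name, value), ...]) for a raw response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def sets_cookie(headers, cookie_name):
    """True if any Set-Cookie header issues the named cookie."""
    return any(n == "set-cookie" and v.split("=", 1)[0].strip() == cookie_name
               for n, v in headers)

def directives(headers):
    """Collect Cache-Control directive names across all Cache-Control headers."""
    found = set()
    for n, v in headers:
        if n == "cache-control":
            found.update(d.split("=", 1)[0].strip().lower() for d in v.split(","))
    return found

def audit(capture, cookie_name="q_session", accepted=("no-store",)):
    """Requests whose response sets the cookie without an accepted directive."""
    findings = []
    for request, raw in capture:
        status, headers = parse_head(raw)
        if sets_cookie(headers, cookie_name) and not directives(headers) & set(accepted):
            findings.append((request, status))
    return findings

if __name__ == "__main__":
    for request, status in audit(CAPTURE):
        print(f"{status} response to '{request}' sets the session cookie without no-store")
```

The header set on the 200 response does not cover the 302 that carried Set-Cookie, so the callback response is the one reported.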

              jmartisk@redhat.com Jan Martiska
              msochure@redhat.com Miroslav Sochurek
              Jose Carranza Jose Carranza