Merge pull request #24550 from vespa-engine/mortent/prevent-api-caching

Prevent browsers caching api responses MERGEOK
author: Morten Tokle <mortent@yahooinc.com> 2022-10-25 10:25:30 +0200
committer: GitHub <noreply@github.com> 2022-10-25 10:25:30 +0200
commit: c1199cb33a06987916085c0ef267c7f3e2d6acff (patch)
tree: 5ceb8c2c18df07f9adec39576af9c7dbcc3c8d14
parent: a66a1de44e52ba53ef49810e49ddce6721693512 (diff)
parent: df9b6d7b976666526b2713911a353638ee87b2c9 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 520e22de136..0059fcf1d25 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -20,5 +20,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
         response.setHeader("X-Content-Type-Options", "nosniff");
         response.setHeader("X-Frame-Options", "DENY");
         response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+        response.setHeader("Vary", "*");
     }
 }
author	Morten Tokle <mortent@yahooinc.com>	2022-10-25 10:25:30 +0200
committer	GitHub <noreply@github.com>	2022-10-25 10:25:30 +0200
commit	c1199cb33a06987916085c0ef267c7f3e2d6acff (patch)
tree	5ceb8c2c18df07f9adec39576af9c7dbcc3c8d14
parent	a66a1de44e52ba53ef49810e49ddce6721693512 (diff)
parent	df9b6d7b976666526b2713911a353638ee87b2c9 (diff)