From 64a4b712cc635df4d61e478f9b61e8cd3ba4fd44 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Sat, 19 Dec 2020 15:19:01 -0800
Subject: [PATCH] proxyAuth: add a hack to invalidate cache

when user goes to /logout and then goes to /, the browser will
serve up the cached / based on cache-control. This might make the
user believe they are not logged out.

fixes #753
---
 src/nginxconfig.ejs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/nginxconfig.ejs b/src/nginxconfig.ejs
index a297f83e9..40602957a 100644
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -92,6 +92,14 @@ server {
     add_header Referrer-Policy "no-referrer-when-downgrade";
     proxy_hide_header Referrer-Policy;
 
+    # workaround caching issue after /logout. if max-age is set, browser uses cache and user thinks they have not logged out
+    # have to keep all the add_header here to avoid repeating all add_header in location block
+    <% if (proxyAuth.enabled) { %>
+    proxy_hide_header Cache-Control;
+    add_header Cache-Control no-cache;
+    add_header Set-Cookie $auth_cookie;
+    <% } %>
+
     # gzip responses that are > 50k and not images
     gzip on;
     gzip_min_length 50k;
@@ -250,7 +258,6 @@ server {
     location "<%= proxyAuth.path %>" {
         auth_request /proxy-auth;
         auth_request_set $auth_cookie $upstream_http_set_cookie;
-        add_header Set-Cookie $auth_cookie;
         error_page 401 = @proxy-auth-login;
 
         proxy_pass http://<%= ip %>:<%= port %>;