Merge pull request from GHSA-m9qf-3pfj-2r86

* Add Cache-Control to Bull Board * CHANGELOG --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
2024-04-27 12:57:00 +09:00 · 2024-04-27 12:57:00 +09:00 · 6abb8c4994
commit 6abb8c4994
parent 85339ca751
2 changed files with 5 additions and 0 deletions
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@ -202,6 +202,10 @@ export class ClientServerService {
 			// %71ueueとかでリクエストされたら困るため
 			const url = decodeURI(request.routeOptions.url);
 			if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
+				if (!url.startsWith(bullBoardPath + '/static/')) {
+					reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
+				}
+
 				const token = request.cookies.token;
 				if (token == null) {
 					reply.code(401).send('Login required');