From d07ff92e9f63f00ca56313e33240e647120ee7ff Mon Sep 17 00:00:00 2001
From: Scott Kirkland <srkirkland@gmail.com>
Date: Tue, 9 Jan 2024 15:31:37 -0800
Subject: [PATCH 1/2] never cache anything outside the API

---
 Finjector.Web/Program.cs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/Finjector.Web/Program.cs b/Finjector.Web/Program.cs
index d63c2173..f40f8352 100644
--- a/Finjector.Web/Program.cs
+++ b/Finjector.Web/Program.cs
@@ -21,6 +21,7 @@
 using Microsoft.EntityFrameworkCore;
 using Finjector.Web.Extensions;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.StaticFiles.Infrastructure;
 
 #if DEBUG
 Serilog.Debugging.SelfLog.Enable(msg => Debug.WriteLine(msg));
@@ -138,6 +139,23 @@
         // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
         app.UseHsts();
     }
+    
+    app.Use(async (context, next) =>
+    {
+        if (context.Request.Path.StartsWithSegments("/api") == false)
+        {
+            context.Response.GetTypedHeaders().CacheControl = new Microsoft.Net.Http.Headers.CacheControlHeaderValue()
+            {
+                NoCache = true,
+                NoStore = true,
+                MustRevalidate = true
+            };
+            context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Pragma] = "no-cache";
+            context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Expires] = "0";
+        }
+
+        await next();
+    });
 
     app.UseHttpsRedirection();
     app.UseStaticFiles();

From 1543127d5da0ad90c1ca05d612adb50e8c4f656d Mon Sep 17 00:00:00 2001
From: Scott Kirkland <srkirkland@gmail.com>
Date: Wed, 10 Jan 2024 10:42:09 -0800
Subject: [PATCH 2/2] don't cache

---
 Finjector.Web/Program.cs | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/Finjector.Web/Program.cs b/Finjector.Web/Program.cs
index f40f8352..7d749ebb 100644
--- a/Finjector.Web/Program.cs
+++ b/Finjector.Web/Program.cs
@@ -140,19 +140,25 @@
         app.UseHsts();
     }
     
+    // we want to disable caching for all html responses outside of the API
     app.Use(async (context, next) =>
     {
-        if (context.Request.Path.StartsWithSegments("/api") == false)
+        context.Response.OnStarting(() =>
         {
-            context.Response.GetTypedHeaders().CacheControl = new Microsoft.Net.Http.Headers.CacheControlHeaderValue()
+            if (context.Request.Path.StartsWithSegments("/api") == false &&
+                // ReSharper disable once ConditionIsAlwaysTrueOrFalseAccordingToNullableAPIContract
+                context.Response.ContentType != null &&
+                context.Response.ContentType.StartsWith("text/html", StringComparison.OrdinalIgnoreCase))
             {
-                NoCache = true,
-                NoStore = true,
-                MustRevalidate = true
-            };
-            context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Pragma] = "no-cache";
-            context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Expires] = "0";
-        }
+                // Set the necessary headers to disable caching
+                context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.CacheControl] =
+                    "no-store, no-cache, must-revalidate";
+                context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Pragma] = "no-cache";
+                context.Response.Headers[Microsoft.Net.Http.Headers.HeaderNames.Expires] = "0";
+            }
+
+            return Task.CompletedTask;
+        });
 
         await next();
     });