Feb 25, 2021
Apr 06, 2021
Closed, Fixed and tested
When an AccessDeniedException is thrown and a handler handles the necessary redirect, we don't explicitly set cache headers that forces no caching of the response.
Today we only set 'private' which should stop proxies from caching the response, but we can be even more explicit and set both 'no-store' and 'no-cache'.