Login redirects are cacheable

Fixed in

EPiServer.CMS.Core 11.20.6

(Or a related package)

Created

Feb 25, 2021

Updated

Apr 06, 2021

Area

CMS Core

State

Closed, Fixed and tested


Description

When an AccessDeniedException is thrown and a handler performs the necessary redirect, we don't explicitly set cache headers that force the response not to be cached.

Today we only set 'private', which should stop proxies from caching the response, but we can be even more explicit and set both 'no-store' and 'no-cache'.
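
A check for the header behaviour described above, as an added example that is not Episerver's code: it applies a simplified model of the RFC 9111 storage rules (request headers such as Authorization, and Vary, are ignored) to the headers of a redirect response. The function names, the sample headers and the /login URL are constructed for illustration.

```python
import re

# Status codes that RFC 9110 lists as heuristically cacheable (no explicit freshness needed).
HEURISTIC = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

def parse_cache_control(values):
    """Merge Cache-Control header values into {directive: argument or None}."""
    directives = {}
    for value in values:
        # Split on commas, but not on commas inside a quoted-string argument.
        for part in re.findall(r'(?:[^,"]|"[^"]*")+', value):
            name, _, arg = part.strip().partition("=")
            if name.strip():
                directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_redirect(status, headers):
    """headers is a list of (name, value) pairs from the redirect response."""
    cc = parse_cache_control(v for k, v in headers if k.lower() == "cache-control")
    names = {k.lower() for k, _ in headers}
    # A directive with an argument (private="Set-Cookie") only covers the named
    # fields, so only the bare form protects the whole response.
    bare = lambda d: d in cc and cc[d] is None
    no_store = "no-store" in cc
    fresh = ("max-age" in cc or "public" in cc or "expires" in names
             or status in HEURISTIC)
    browser = not no_store and fresh
    shared = not no_store and not bare("private") and (fresh or "s-maxage" in cc)
    return {
        "browser_may_store": browser,
        "shared_cache_may_store": shared,
        "reusable_without_revalidation": (browser or shared) and not bare("no-cache"),
        "explicit_no_caching": no_store and bare("no-cache"),
    }

# Constructed sample responses (not captured from a real site).
LOCATION = ("Location", "/login?ReturnUrl=%2Fprotected")
SAMPLES = {
    "private only": (302, [LOCATION, ("Cache-Control", "private")]),
    "private + lifetime": (302, [LOCATION, ("Cache-Control", "private, max-age=600")]),
    "permanent redirect": (301, [LOCATION, ("Cache-Control", "private")]),
    "field-scoped private": (302, [LOCATION, ("Cache-Control", 'private="Set-Cookie", max-age=60')]),
    "no-store + no-cache": (302, [LOCATION, ("Cache-Control", "no-cache, no-store")]),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, audit_redirect(status, headers))
```

In this model 'private' keeps shared caches out but leaves the browser cache free to store the redirect as soon as the response has a lifetime or a heuristically cacheable status; only the 'no-store' plus 'no-cache' case reports nothing storable.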