Ensure downstream proxies don't cache enforce_https()'s redirect

2026-04-05 03:00:15 -04:00 · 2014-08-08 16:16:59 -03:00
parent 971f24f1c1
commit 54957ee639
1 changed files with 2 additions and 1 deletions
--- a/r2/r2/controllers/reddit_base.py
+++ b/r2/r2/controllers/reddit_base.py
@@ -786,7 +786,8 @@ def enforce_https():
            redirect_url = hsts_modify_redirect(dest)

    if redirect_url:
-        abort(307, location=redirect_url)
+        headers = {"Cache-Control": "no-cache", "Pragma": "no-cache"}
+        abort(307, location=redirect_url, headers=headers)


 # Cookies that might need the secure flag toggled