Add Cache-Control: private, no-store HTTP header to server endpoints that respond with sensitive info.

km274 · km274 · commit e15db849161c · 2023-07-12T22:10:58.000-05:00
Fixes smallstep#793
diff --git a/acme/api/account.go b/acme/api/account.go
@@ -162,6 +162,7 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 	linker.LinkAccount(ctx, acc)
 
 	w.Header().Set("Location", getAccountLocationPath(ctx, linker, acc.ID))
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.JSONStatus(w, acc, httpStatus)
 }
 
@@ -212,6 +213,7 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 	linker.LinkAccount(ctx, acc)
 
 	w.Header().Set("Location", linker.GetLink(ctx, acme.AccountLinkType, acc.ID))
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.JSON(w, acc)
 }
 
diff --git a/acme/api/handler.go b/acme/api/handler.go
@@ -306,6 +306,7 @@ func GetAuthorization(w http.ResponseWriter, r *http.Request) {
 	linker.LinkAuthorization(ctx, az)
 
 	w.Header().Set("Location", linker.GetLink(ctx, acme.AuthzLinkType, az.ID))
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.JSON(w, az)
 }
 
@@ -359,6 +360,7 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Add("Link", link(linker.GetLink(ctx, acme.AuthzLinkType, azID), "up"))
 	w.Header().Set("Location", linker.GetLink(ctx, acme.ChallengeLinkType, azID, ch.ID))
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.JSON(w, ch)
 }
 
diff --git a/authority/admin/api/provisioner.go b/authority/admin/api/provisioner.go
@@ -55,6 +55,8 @@ func GetProvisioner(w http.ResponseWriter, r *http.Request) {
 		render.Error(w, err)
 		return
 	}
+
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.ProtoJSON(w, prov)
 }
 
@@ -72,6 +74,7 @@ func GetProvisioners(w http.ResponseWriter, r *http.Request) {
 		render.Error(w, errs.InternalServerErr(err))
 		return
 	}
+
 	render.JSON(w, &GetProvisionersResponse{
 		Provisioners: p,
 		NextCursor:   next,
@@ -102,6 +105,8 @@ func CreateProvisioner(w http.ResponseWriter, r *http.Request) {
 		render.Error(w, admin.WrapErrorISE(err, "error storing provisioner %s", prov.Name))
 		return
 	}
+
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.ProtoJSONStatus(w, prov, http.StatusCreated)
 }
 
@@ -198,6 +203,8 @@ func UpdateProvisioner(w http.ResponseWriter, r *http.Request) {
 		render.Error(w, err)
 		return
 	}
+
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.ProtoJSON(w, nu)
 }
 
diff --git a/authority/admin/api/webhook.go b/authority/admin/api/webhook.go
@@ -127,6 +127,7 @@ func (war *webhookAdminResponder) CreateProvisionerWebhook(w http.ResponseWriter
 		return
 	}
 
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.ProtoJSONStatus(w, newWebhook, http.StatusCreated)
 }
 
@@ -231,5 +232,7 @@ func (war *webhookAdminResponder) UpdateProvisionerWebhook(w http.ResponseWriter
 		Auth:                 newWebhook.Auth,
 		DisableTlsClientAuth: newWebhook.DisableTlsClientAuth,
 	}
+
+	w.Header().Set("Cache-Control", "private, no-store")
 	render.ProtoJSONStatus(w, whResponse, http.StatusCreated)
 }
diff --git a/scep/api/api.go b/scep/api/api.go
@@ -359,6 +359,7 @@ func writeResponse(w http.ResponseWriter, res Response) {
 	}
 
 	w.Header().Set("Content-Type", contentHeader(res))
+	w.Header().Set("Cache-Control", "private, no-store")
 	_, _ = w.Write(res.Data)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,7 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {`
`162`	`162`	`linker.LinkAccount(ctx, acc)`
`163`	`163`
`164`	`164`	`w.Header().Set("Location", getAccountLocationPath(ctx, linker, acc.ID))`
	`165`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`165`	`166`	`render.JSONStatus(w, acc, httpStatus)`
`166`	`167`	`}`
`167`	`168`
`@@ -212,6 +213,7 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {`
`212`	`213`	`linker.LinkAccount(ctx, acc)`
`213`	`214`
`214`	`215`	`w.Header().Set("Location", linker.GetLink(ctx, acme.AccountLinkType, acc.ID))`
	`216`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`215`	`217`	`render.JSON(w, acc)`
`216`	`218`	`}`
`217`	`219`
Original file line number	Diff line number	Diff line change
`@@ -306,6 +306,7 @@ func GetAuthorization(w http.ResponseWriter, r *http.Request) {`
`306`	`306`	`linker.LinkAuthorization(ctx, az)`
`307`	`307`
`308`	`308`	`w.Header().Set("Location", linker.GetLink(ctx, acme.AuthzLinkType, az.ID))`
	`309`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`309`	`310`	`render.JSON(w, az)`
`310`	`311`	`}`
`311`	`312`
`@@ -359,6 +360,7 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {`
`359`	`360`
`360`	`361`	`w.Header().Add("Link", link(linker.GetLink(ctx, acme.AuthzLinkType, azID), "up"))`
`361`	`362`	`w.Header().Set("Location", linker.GetLink(ctx, acme.ChallengeLinkType, azID, ch.ID))`
	`363`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`362`	`364`	`render.JSON(w, ch)`
`363`	`365`	`}`
`364`	`366`
Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,8 @@ func GetProvisioner(w http.ResponseWriter, r *http.Request) {`
`55`	`55`	`render.Error(w, err)`
`56`	`56`	`return`
`57`	`57`	`}`
	`58`	`+`
	`59`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`58`	`60`	`render.ProtoJSON(w, prov)`
`59`	`61`	`}`
`60`	`62`
`@@ -72,6 +74,7 @@ func GetProvisioners(w http.ResponseWriter, r *http.Request) {`
`72`	`74`	`render.Error(w, errs.InternalServerErr(err))`
`73`	`75`	`return`
`74`	`76`	`}`
	`77`	`+`
`75`	`78`	`render.JSON(w, &GetProvisionersResponse{`
`76`	`79`	`Provisioners: p,`
`77`	`80`	`NextCursor: next,`
`@@ -102,6 +105,8 @@ func CreateProvisioner(w http.ResponseWriter, r *http.Request) {`
`102`	`105`	`render.Error(w, admin.WrapErrorISE(err, "error storing provisioner %s", prov.Name))`
`103`	`106`	`return`
`104`	`107`	`}`
	`108`	`+`
	`109`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`105`	`110`	`render.ProtoJSONStatus(w, prov, http.StatusCreated)`
`106`	`111`	`}`
`107`	`112`
`@@ -198,6 +203,8 @@ func UpdateProvisioner(w http.ResponseWriter, r *http.Request) {`
`198`	`203`	`render.Error(w, err)`
`199`	`204`	`return`
`200`	`205`	`}`
	`206`	`+`
	`207`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`201`	`208`	`render.ProtoJSON(w, nu)`
`202`	`209`	`}`
`203`	`210`
Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,7 @@ func (war *webhookAdminResponder) CreateProvisionerWebhook(w http.ResponseWriter`
`127`	`127`	`return`
`128`	`128`	`}`
`129`	`129`
	`130`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`130`	`131`	`render.ProtoJSONStatus(w, newWebhook, http.StatusCreated)`
`131`	`132`	`}`
`132`	`133`
`@@ -231,5 +232,7 @@ func (war *webhookAdminResponder) UpdateProvisionerWebhook(w http.ResponseWriter`
`231`	`232`	`Auth: newWebhook.Auth,`
`232`	`233`	`DisableTlsClientAuth: newWebhook.DisableTlsClientAuth,`
`233`	`234`	`}`
	`235`	`+`
	`236`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`234`	`237`	`render.ProtoJSONStatus(w, whResponse, http.StatusCreated)`
`235`	`238`	`}`
Original file line number	Diff line number	Diff line change
`@@ -359,6 +359,7 @@ func writeResponse(w http.ResponseWriter, res Response) {`
`359`	`359`	`}`
`360`	`360`
`361`	`361`	`w.Header().Set("Content-Type", contentHeader(res))`
	`362`	`+ w.Header().Set("Cache-Control", "private, no-store")`
`362`	`363`	`_, _ = w.Write(res.Data)`
`363`	`364`	`}`
`364`	`365`