fix: prevent browser from caching API responses

Without explicit Cache-Control headers, browsers may heuristically cache API JSON responses. This causes stale data to be served on normal page refresh (F5) — for example, projects newly shared with a team not appearing until the user performs a hard refresh (Ctrl+Shift+R). Add Cache-Control: no-store to all API responses via middleware and configure the service worker's NetworkOnly strategy to explicitly bypass the browser HTTP cache for API requests. Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-04-29 19:10:51 -05:00 · 2026-02-24 10:37:08 +01:00
parent 19ccc3cb8e
commit a13ecbd3cc
2 changed files with 17 additions and 2 deletions
--- a/frontend/src/sw.ts
+++ b/frontend/src/sw.ts
@@ -20,10 +20,14 @@ workbox.routing.registerRoute(
 	new workbox.strategies.StaleWhileRevalidate(),
 )

-// Always send api requests through the network
+// Always send api requests through the network and bypass the browser's HTTP cache
 workbox.routing.registerRoute(
 	new RegExp('api\\/v1\\/.*$'),
-	new workbox.strategies.NetworkOnly(),
+	new workbox.strategies.NetworkOnly({
+		fetchOptions: {
+			cache: 'no-store',
+		},
+	}),
 )

 // This code listens for the user's confirmation to update the app.