Force revalidation headers when user logs out

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2021-10-04 12:52:48 -07:00
parent 244616b31e
commit 9b48732cd2
2 changed files with 24 additions and 0 deletions

View file

@ -23,6 +23,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\CheckForDebug::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\SecurityHeaders::class,
\App\Http\Middleware\PreventBackHistory::class,
];

View file

@ -0,0 +1,23 @@
<?php
namespace App\Http\Middleware;
use Closure;
class PreventBackHistory
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
return $response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache')
->header('Expires','Sun, 02 Jan 1990 00:00:00 GMT');
}
}