From dc5fb6ea5ffee9686c6740772dad02e1f81ced57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franc=CC=A7ois=20Hodierne?=
Date: Fri, 5 Apr 2024 10:00:44 +0200
Subject: [PATCH] extend no-cache for more controllers

---
 src/server/controllers/account-contributors.js | 4 ++++
 src/server/controllers/account-transactions.js | 1 +
 src/server/controllers/members.js | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/server/controllers/account-contributors.js b/src/server/controllers/account-contributors.js
index d63261e7..c3db764c 100644
--- a/src/server/controllers/account-contributors.js
+++ b/src/server/controllers/account-contributors.js
@@ -188,6 +188,10 @@ const accountContributors = async (req, res) => {
 switch (req.params.format) {
 case 'txt':
 case 'csv': {
+ // don't cache at CDN level as the result may contain private information
+ if (authorization || apiKey || personalToken) {
+ res.append('Cache-Control', 'no-cache');
+ }
 if (req.params.format === 'csv') {
 res.append('Content-Type', `text/csv;charset=utf-8`);
 } else {
diff --git a/src/server/controllers/account-transactions.js b/src/server/controllers/account-transactions.js
index ee300b33..268230d9 100644
--- a/src/server/controllers/account-transactions.js
+++ b/src/server/controllers/account-transactions.js
@@ -616,6 +616,7 @@ const accountTransactions = async (req, res) => {
 switch (req.params.format) {
 case 'txt':
 case 'csv': {
+ // don't cache at CDN level as the result may contain private information
 if (authorization || apiKey || personalToken) {
 res.append('Cache-Control', 'no-cache');
 }
diff --git a/src/server/controllers/members.js b/src/server/controllers/members.js
index d69e3204..6ed269cc 100644
--- a/src/server/controllers/members.js
+++ b/src/server/controllers/members.js
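Review bot: In the `account-contributors.js` hunk the added guard sends `no-cache`, which under HTTP caching rules still allows a shared cache to store the response and reuse it after revalidation; for output that may contain private data, `private` or `no-store` states the intent directly. `res.append` also adds to any `Cache-Control` value already set on the response instead of replacing it, whereas `members.js` uses `res.setHeader`, so `res.set('Cache-Control', 'private, no-store');` would be both stricter and consistent across the three controllers. The same `no-cache` directive appears in the existing `account-transactions.js` branch and in the `members.js` hunk. The definitions of `authorization`, `apiKey` and `personalToken`, and the other `format` cases, lie outside the hunk, so whether non-CSV responses receive the header cannot be confirmed from here.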
@@ -38,8 +38,8 @@ export async function list(req, res, next) {
 headers['Personal-Token'] = personalToken;
 }
- // don't cache at CDN level as the result contains private information
- if (Object.keys(headers).length) {
+ // don't cache at CDN level as the result may contain private information
+ if (authorization || apiKey || personalToken) {
 res.setHeader('cache-control', 'no-cache');
 }
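Review bot: The new condition `authorization || apiKey || personalToken` is a hand-maintained list that must stay in step with whatever is copied into `headers`, while the removed `Object.keys(headers).length` check disabled caching for any forwarded header. If another credential is later added to `headers` (the code that fills it starts above this hunk), those responses would become cacheable again with no change at this line. A comment next to the condition such as `// keep in sync with every credential forwarded in headers` would make that dependency visible to the next maintainer.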