From 5735b057a68b6afcd0a4b9aad98a9bb11682b96b Mon Sep 17 00:00:00 2001
From: Paul Hayes <paul.hayes@digital.cabinet-office.gov.uk>
Date: Mon, 7 Apr 2014 15:37:02 +0100
Subject: [PATCH] Don't let the browser show a cached page

* Avoid showing a user an inaccurate mappings list when a user hits back
* Avoid showing flash messages multiple times when a user hits back
---
 app/controllers/application_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e3a177bf3..351e7ba7b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
   include GDS::SSO::ControllerMethods
 
   before_filter :require_signin_permission!
+  before_filter :set_cache_buster
 
   protect_from_forgery
 
@@ -23,6 +24,13 @@ def render_error(status, options={})
     render "errors/error_#{status}", status: status, layout: 'error_page'
   end
 
+  # http://stackoverflow.com/questions/711418/how-to-prevent-browser-page-caching-in-rails
+  def set_cache_buster
+    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
+    response.headers["Pragma"] = "no-cache"
+    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
+  end
+
 private
   def verify_authenticity_token
     raise ActionController::InvalidAuthenticityToken unless verified_request?