Specify the cache control response headers for user/session views

- We don't want the browser to ever use a cached copy of the current user data.
openplans · Mar 6, 2015 · cf4700d · cf4700d
1 parent cb3640c
commit cf4700d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/sa_api_v2/views/base_views.py b/src/sa_api_v2/views/base_views.py
@@ -1834,7 +1834,7 @@ def get(self, request):
             user_url = reverse('user-detail', args=[request.user.username])
             return HttpResponseRedirect(user_url + '?' + request.GET.urlencode(), status=303)
         else:
-            return Response(None)
+            return Response(None, headers={'cache-control': 'private, max-age=0, no-cache'})
 
     def post(self, request):
         from django.contrib.auth import authenticate, login
@@ -1877,7 +1877,7 @@ class SessionKeyView (CorsEnabledMixin, views.APIView):
     def get(self, request):
         return Response({
             settings.SESSION_COOKIE_NAME: request.session.session_key,
-        })
+        }, headers={'cache-control': 'private, max-age=0, no-cache'})
 
 
 ###############################################################################