Fixed #135 by replacing the incorrect default values for the Cache-Co…

…ntrol header with the correct ones.
GaProgMan · Dec 3, 2024 · 21e7237 · 21e7237
1 parent fe21b86
commit 21e7237
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 13 deletions.
diff --git a/src/Extensions/SecureHeadersMiddlewareBuilder.cs b/src/Extensions/SecureHeadersMiddlewareBuilder.cs
@@ -256,7 +256,7 @@ public static SecureHeadersMiddlewareConfiguration UseReferrerPolicy
         /// </exception>
         public static SecureHeadersMiddlewareConfiguration UseCacheControl
         (this SecureHeadersMiddlewareConfiguration config,
-            bool @private = true, int maxAge = 31536000, bool noCache = false, bool noStore = false,
+            bool @private = false, int maxAge = 0, bool noCache = false, bool noStore = true,
             bool mustRevalidate = false)
         {
             config.UseCacheControl = true;

diff --git a/src/Models/CacheControl.cs b/src/Models/CacheControl.cs
@@ -11,6 +11,7 @@ public class CacheControl : IConfigurationBase
         /// Whether all or part of the HTTP response message is intended for a
         /// single user and must not be cached by a shared cache.
         /// </summary>
+        /// <remarks>
         /// The following is taken from the MDN article for cache-control
         ///    If you forget to add private to a response with personalized content,
         ///    then that response can be stored in a shared cache and end up being
@@ -63,8 +64,8 @@ public class CacheControl : IConfigurationBase
         [ExcludeFromCodeCoverage]
         protected CacheControl() { }
 
-        public CacheControl(bool @private, int maxAge = 86400, bool noCache = false,
-            bool noStore = false, bool mustRevalidate = false)
+        public CacheControl(bool @private, int maxAge = 0, bool noCache = false,
+            bool noStore = true, bool mustRevalidate = false)
         {
             Private = @private;
             MaxAge = maxAge;
@@ -85,23 +86,24 @@ public string BuildHeaderValue()
                 stringBuilder.Append("no-cache");
                 return stringBuilder.ToString();
             }
-
-            if (NoStore)
+            
+            if (Private)
             {
-                stringBuilder.Append("no-store");
+                stringBuilder.Append("private");
                 return stringBuilder.ToString();
             }
-
-            stringBuilder.Append("max-age=");
-            stringBuilder.Append(MaxAge);
+
             if (MustRevalidate)
             {
-                stringBuilder.Append(", must-revalidate");
+                stringBuilder.Append("must-revalidate");
+                return stringBuilder.ToString();
             }
 
-            if (Private)
+            stringBuilder.Append($"max-age={MaxAge},"); 
+            if (NoStore)
             {
-                stringBuilder.Append(", private");
+                stringBuilder.Append("no-store");
+                return stringBuilder.ToString();
             }
 
             return stringBuilder.ToString();

diff --git a/...pHeaders.Core.Tests/SecureHeadersMiddlewareExtensionTests/SecureHeadersMiddlewareTests.cs b/...pHeaders.Core.Tests/SecureHeadersMiddlewareExtensionTests/SecureHeadersMiddlewareTests.cs
@@ -79,7 +79,7 @@ public void BuildDefaultConfiguration_Returns_Valid_Configuration()
 
         // Cache-Control
         Assert.True(response.UseCacheControl);
-        Assert.Equal("max-age=31536000, private", response.CacheControl.BuildHeaderValue());
+        Assert.Equal("max-age=0,no-store", response.CacheControl.BuildHeaderValue());
 
         // X-XSS-Protection
         Assert.True(response.UseXssProtection);