Skip to content

Adds attribute to ensure management API requests are never cached in the browser or via a CDN #19496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nikolajlauridsen merged 1 commit into from
Jun 6, 2025
Merged

Adds attribute to ensure management API requests are never cached in the browser or via a CDN #19496

nikolajlauridsen merged 1 commit into from
Jun 6, 2025

Conversation

@AndyButland
Copy link
Contributor

@AndyButland AndyButland commented Jun 6, 2025

Prerequisites

  • I have added steps to test this contribution in the description below

Came up via an internal support request.

Description

It's been identified that in Umbraco 13 we specifically disabled caching on any backoffice API requests, but we don't do the same on the management API. Although there's no evidence this has caused issues with usage via the backoffice, this can lead to cached responses being returned when a CDN is in the mix.

As such I've added the existing attribute for disabling the browser cache to the base management API controller.

Testing

Verify the headers you see on the response.

Before:
image

After:
image

Copilot AI review requested due to automatic review settings June 6, 2025 10:08
@AndyButland AndyButland changed the title Adds attribute to ensure management API requests are never cached in the browser or via a CDN. Adds attribute to ensure management API requests are never cached in the browser or via a CDN Jun 6, 2025
Copilot AI reviewed Jun 6, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR ensures that all Management API requests include headers to prevent caching in browsers or CDNs by applying the existing DisableBrowserCache filter on the base controller.

  • Adds the DisableBrowserCache attribute to ManagementApiControllerBase
  • Imports the necessary filter namespace
Comments suppressed due to low confidence (1)

src/Umbraco.Cms.Api.Management/Controllers/ManagementApiControllerBase.cs:26

  • Consider adding an automated or integration test to verify that responses from Management API endpoints include the appropriate no-cache headers (Cache-Control, Pragma, etc.) when this attribute is applied.
[DisableBrowserCache]

nikolajlauridsen
nikolajlauridsen approved these changes Jun 6, 2025
View reviewed changes
Copy link
Contributor

@nikolajlauridsen nikolajlauridsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@nikolajlauridsen nikolajlauridsen enabled auto-merge (squash) June 6, 2025 10:25
@nikolajlauridsen nikolajlauridsen merged commit 6c769d6 into main Jun 6, 2025
26 checks passed
@nikolajlauridsen nikolajlauridsen deleted the v16/improvement/disable-cache-for-mgmt-api branch June 6, 2025 10:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@nikolajlauridsen nikolajlauridsen nikolajlauridsen approved these changes

Assignees

No one assigned

Labels

release/16.1.0 type/improvement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AndyButland @nikolajlauridsen