From 516db012bf2466c1f3e7b907decaec1eec22cb65 Mon Sep 17 00:00:00 2001
From: Nutomic
Date: Fri, 19 Jan 2024 16:41:05 +0100
Subject: [PATCH] Dont allow caching captcha response (#4381)
Co-authored-by: Dessalines
---
 crates/api/src/local_user/get_captcha.rs | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/crates/api/src/local_user/get_captcha.rs b/crates/api/src/local_user/get_captcha.rs
index 5d692aa0c..3d93a793c 100644
--- a/crates/api/src/local_user/get_captcha.rs
+++ b/crates/api/src/local_user/get_captcha.rs
@@ -1,5 +1,13 @@
 use crate::captcha_as_wav_base64;
-use actix_web::web::{Data, Json};
+use actix_web::{
+ http::{
+ header::{CacheControl, CacheDirective},
+ StatusCode,
+ },
+ web::{Data, Json},
+ HttpResponse,
+ HttpResponseBuilder,
+};
 use captcha::{gen, Difficulty};
 use lemmy_api_common::{
 context::LemmyContext,
@@ -12,13 +20,13 @@ use lemmy_db_schema::source::{
 use lemmy_utils::error::LemmyError;
 
 #[tracing::instrument(skip(context))]
-pub async fn get_captcha(
- context: Data,
-) -> Result, LemmyError> {
+pub async fn get_captcha(context: Data) -> Result {
 let local_site = LocalSite::read(&mut context.pool()).await?;
+ let mut res = HttpResponseBuilder::new(StatusCode::OK);
+ res.insert_header(CacheControl(vec![CacheDirective::NoStore]));
 
 if !local_site.captcha_enabled {
- return Ok(Json(GetCaptchaResponse { ok: None }));
+ return Ok(res.json(Json(GetCaptchaResponse { ok: None })));
 }
 
 let captcha = gen(match local_site.captcha_difficulty.as_str() {
@@ -37,11 +45,12 @@ pub async fn get_captcha(
 // Stores the captcha item in the db
 let captcha = CaptchaAnswer::insert(&mut context.pool(), &captcha_form).await?;
 
- Ok(Json(GetCaptchaResponse {
+ let json = Json(GetCaptchaResponse {
 ok: Some(CaptchaResponse {
 png,
 wav,
 uuid: captcha.uuid.to_string(),
 }),
- }))
+ });
+ Ok(res.json(json))
 }
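Review bot: In the second hunk the builder is constructed as `HttpResponseBuilder::new(StatusCode::OK)` and the payload is double-wrapped as `res.json(Json(...))`, although `HttpResponseBuilder::json` already serializes any `Serialize` value; `let mut res = HttpResponse::Ok();` and `res.json(GetCaptchaResponse { ok: None })` express the same response and drop the `StatusCode`, `HttpResponseBuilder` and `Json` imports added in the first hunk (the same double wrap appears in the third hunk). The `CacheDirective::NoStore` line carries no explanation of why a strict directive is needed here; a comment such as `// Each response carries a freshly generated captcha bound to a CaptchaAnswer row, so neither the browser nor any intermediary cache may store and replay it.` would keep a later maintainer from relaxing it to no-cache. The body of get_captcha continues past the end of this hunk.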