From 65b344c1cac7e73e77a37e701431aad01f18b048 Mon Sep 17 00:00:00 2001
From: kippmorris7
Date: Mon, 10 Jul 2023 10:55:18 -0500
Subject: [PATCH] Add `Cache-Control: private, no-store` HTTP header to server endpoints that respond with sensitive info.

Fixes #793
---
 acme/api/account.go | 2 ++
 acme/api/handler.go | 2 ++
 api/api.go | 2 ++
 authority/admin/api/provisioner.go | 8 ++++++++
 authority/admin/api/webhook.go | 3 +++
 scep/api/api.go | 1 +
 6 files changed, 18 insertions(+)

diff --git a/acme/api/account.go b/acme/api/account.go
index ce8b5799b7..75d04821a3 100644
--- a/acme/api/account.go
+++ b/acme/api/account.go
@@ -162,6 +162,7 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
 
 linker.LinkAccount(ctx, acc)
 w.Header().Set("Location", getAccountLocationPath(ctx, linker, acc.ID))
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSONStatus(w, acc, httpStatus)
 }
 
@@ -212,6 +213,7 @@ func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) {
 
 linker.LinkAccount(ctx, acc)
 w.Header().Set("Location", linker.GetLink(ctx, acme.AccountLinkType, acc.ID))
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, acc)
 }
 
diff --git a/acme/api/handler.go b/acme/api/handler.go
index 16713cf7ef..eb1b74fbe2 100644
--- a/acme/api/handler.go
+++ b/acme/api/handler.go
@@ -306,6 +306,7 @@ func GetAuthorization(w http.ResponseWriter, r *http.Request) {
 
 linker.LinkAuthorization(ctx, az)
 w.Header().Set("Location", linker.GetLink(ctx, acme.AuthzLinkType, az.ID))
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, az)
 }
 
@@ -359,6 +360,7 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {
 
 w.Header().Add("Link", link(linker.GetLink(ctx, acme.AuthzLinkType, azID), "up"))
 w.Header().Set("Location", linker.GetLink(ctx, acme.ChallengeLinkType, azID, ch.ID))
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, ch)
 }
 
diff --git a/api/api.go b/api/api.go
index c9820351d4..c81cf9eeb2 100644
--- a/api/api.go
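Review bot: The header is set only on the success path, after every `render.Error` return in NewAccount, and the same holds for the other hunks of this patch (GetOrUpdateAccount, GetAuthorization, GetChallenge, and the api/api.go, provisioner.go, webhook.go and scep hunks), so error responses still leave with no Cache-Control at all, and RFC 9111 lets caches treat some error statuses (404 among them) as heuristically cacheable. Setting it once at the top of each handler (assuming `render.Error` does not reset the header map) or, better, in a router middleware for these handler groups would cover the error paths and any handler added later without repeating the literal thirteen times; at minimum `const cacheControlNoStore = "private, no-store"` would keep the value from drifting between files. RFC 8555 §7.2 separately requires `no-store` on newNonce responses, which is worth confirming for the nonce handler outside this patch. NewAccount's body starts outside the hunk.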
+++ b/api/api.go
@@ -379,6 +379,7 @@ func Provisioners(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, &ProvisionersResponse{
 Provisioners: p,
 NextCursor: next,
@@ -394,6 +395,7 @@ func ProvisionerKey(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, &ProvisionerKeyResponse{key})
 }
 
diff --git a/authority/admin/api/provisioner.go b/authority/admin/api/provisioner.go
index c584361bd7..dd8d86945f 100644
--- a/authority/admin/api/provisioner.go
+++ b/authority/admin/api/provisioner.go
@@ -55,6 +55,8 @@ func GetProvisioner(w http.ResponseWriter, r *http.Request) {
 render.Error(w, err)
 return
 }
+
+ w.Header().Set("Cache-Control", "private, no-store")
 render.ProtoJSON(w, prov)
 }
 
@@ -72,6 +74,8 @@ func GetProvisioners(w http.ResponseWriter, r *http.Request) {
 render.Error(w, errs.InternalServerErr(err))
 return
 }
+
+ w.Header().Set("Cache-Control", "private, no-store")
 render.JSON(w, &GetProvisionersResponse{
 Provisioners: p,
 NextCursor: next,
@@ -102,6 +106,8 @@ func CreateProvisioner(w http.ResponseWriter, r *http.Request) {
 render.Error(w, admin.WrapErrorISE(err, "error storing provisioner %s", prov.Name))
 return
 }
+
+ w.Header().Set("Cache-Control", "private, no-store")
 render.ProtoJSONStatus(w, prov, http.StatusCreated)
 }
 
@@ -198,6 +204,8 @@ func UpdateProvisioner(w http.ResponseWriter, r *http.Request) {
 render.Error(w, err)
 return
 }
+
+ w.Header().Set("Cache-Control", "private, no-store")
 render.ProtoJSON(w, nu)
 }
 
diff --git a/authority/admin/api/webhook.go b/authority/admin/api/webhook.go
index 3939d55e71..5b48a872d7 100644
--- a/authority/admin/api/webhook.go
+++ b/authority/admin/api/webhook.go
@@ -127,6 +127,7 @@ func (war *webhookAdminResponder) CreateProvisionerWebhook(w http.ResponseWriter
 return
 }
 
+ w.Header().Set("Cache-Control", "private, no-store")
 render.ProtoJSONStatus(w, newWebhook, http.StatusCreated)
 }
 
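Review bot: The blank line inserted ahead of the new `w.Header().Set("Cache-Control", "private, no-store")` in GetProvisioner, and again in GetProvisioners, CreateProvisioner, UpdateProvisioner and UpdateProvisionerWebhook, is not used in the acme/api, api/api.go, CreateProvisionerWebhook or scep hunks, where the header line sits directly before the render call; the patch should use one layout throughout. Putting the line immediately before the render call, as the other hunks do, reads as a single "set headers, then write" step and keeps each hunk to the one-line addition the diffstat describes. The enclosing handler bodies all start outside their hunks.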
@@ -231,5 +232,7 @@ func (war *webhookAdminResponder) UpdateProvisionerWebhook(w http.ResponseWriter
 Auth: newWebhook.Auth,
 DisableTlsClientAuth: newWebhook.DisableTlsClientAuth,
 }
+
+ w.Header().Set("Cache-Control", "private, no-store")
 render.ProtoJSONStatus(w, whResponse, http.StatusCreated)
 }
diff --git a/scep/api/api.go b/scep/api/api.go
index 98da818be0..3462750d6c 100644
--- a/scep/api/api.go
+++ b/scep/api/api.go
@@ -359,6 +359,7 @@ func writeResponse(w http.ResponseWriter, res Response) {
 }
 
 w.Header().Set("Content-Type", contentHeader(res))
+ w.Header().Set("Cache-Control", "private, no-store")
 _, _ = w.Write(res.Data)
 }
 
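Review bot: writeResponse looks like the shared writer for every SCEP reply (contentHeader(res) picks the content type per operation), so this line also marks the GetCACert and GetCACaps replies non-cacheable even though those carry only public CA data; that is a defensible choice, since the PKIOperation reply is specific to one enrolling client and this function cannot tell the operations apart, but it differs from the per-endpoint approach used elsewhere in the patch and should be stated. A comment such as `// All SCEP replies share this writer; PKIOperation responses are per-client, so every reply is marked non-cacheable rather than special-casing by operation.` would record the intent for the next reader. writeResponse's signature is in the hunk header but its body starts outside the hunk.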