Merge pull request #1343 from cisagov/nmb/no-caching

Set Cache-Control: no-cache on every response

src/registrar/config/settings.py

@@ -136,6 +136,8 @@ MIDDLEWARE = [
     "allow_cidr.middleware.AllowCIDRMiddleware",
     # django-cors-headers: listen to cors responses
     "corsheaders.middleware.CorsMiddleware",
+    # custom middleware to stop caching from CloudFront
+    "registrar.no_cache_middleware.NoCacheMiddleware",
     # serve static assets in production
     "whitenoise.middleware.WhiteNoiseMiddleware",
     # provide security enhancements to the request/response cycle

src/registrar/no_cache_middleware.py

@@ -0,0 +1,18 @@
+"""Middleware to add Cache-control: no-cache to every response.
+
+Used to force Cloudfront caching to leave us alone while we develop
+better caching responses.
+"""
+
+
+class NoCacheMiddleware:
+
+    """Middleware to add a single header to every response."""
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response["Cache-Control"] = "no-cache"
+        return response

src/zap.conf

@@ -62,6 +62,9 @@
 10038	OUTOFSCOPE	http://app:8080/delete
 10038	OUTOFSCOPE	http://app:8080/withdraw 
 10038	OUTOFSCOPE	http://app:8080/withdrawconfirmed 
+10038	OUTOFSCOPE	http://app:8080/dns
+10038	OUTOFSCOPE	http://app:8080/dnssec
+10038	OUTOFSCOPE	http://app:8080/dns/dnssec
 # This URL always returns 404, so include it as well.
 10038	OUTOFSCOPE	http://app:8080/todo
 # OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers