From b1b993b231f0aec68f391d8c08b3301ba90f8fc6 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Fri, 30 Apr 2021 15:43:22 -0500
Subject: [PATCH] httpkadmind: Use no-store rather than no-cache

---
 kdc/httpkadmind.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kdc/httpkadmind.c b/kdc/httpkadmind.c
index 4910b121a..13b5528e1 100644
--- a/kdc/httpkadmind.c
+++ b/kdc/httpkadmind.c
@@ -643,7 +643,7 @@ resp(kadmin_request_desc r,
     if (response == NULL)
         return -1;
     mret = MHD_add_response_header(response, MHD_HTTP_HEADER_CACHE_CONTROL,
-                                   "no-cache");
+                                   "no-store, max-age=0");
     if (mret == MHD_YES && http_status_code == MHD_HTTP_UNAUTHORIZED) {
         size_t i;
 
@@ -654,7 +654,7 @@ resp(kadmin_request_desc r,
                 mret = MHD_add_response_header(response,
                                                MHD_HTTP_HEADER_WWW_AUTHENTICATE,
                                                auth_types.strings[i]);
-    } else if (http_status_code == MHD_HTTP_TEMPORARY_REDIRECT) {
+    } else if (mret == MHD_YES && http_status_code == MHD_HTTP_TEMPORARY_REDIRECT) {
         const char *redir = make_redirect_uri(r, primary_server_URI);
 
         if (redir)