From 1d546bbb597169e460079455d16a53a2d89666e1 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 19 May 2026 16:18:47 +0200
Subject: [PATCH] aio-interface: do not cache the containers, logs and setup
 screen as it shows credentials

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 8d109a7f..a6b8c61b 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -181,8 +181,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->aioCommunityContainers,
         'bypass_container_update' => $bypass_container_update,
-    ]);
+    // Do not cache the page as it shows credentials
+    ])->withHeader('Cache-Control', 'no-store');
 })->setName('profile');
+
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
@@ -191,6 +193,7 @@ $app->get('/login', function (Request $request, Response $response, array $args)
         'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
+
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
@@ -209,8 +212,10 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
         [
             'password' => $setup->Setup(),
         ]
-    );
+    // Do not cache the page as it shows credentials
+    )->withHeader('Cache-Control', 'no-store');
 });
+
 $app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
     $params = $request->getQueryParams();
     $id = $params['id'] ?? '';
@@ -218,7 +223,13 @@ $app->get('/log', function (Request $request, Response $response, array $args) u
         throw new DI\NotFoundException();
     }
     $view = Twig::fromRequest($request);
-    return $view->render($response, 'log.twig', ['id' => $id]);
+    return $view->render(
+        $response, 'log.twig', 
+        [
+            'id' => $id
+        ]
+    // Do not cache the page as it might shows credentials
+    )->withHeader('Cache-Control', 'no-store');
 });
 
 // Auth Redirector