From 8f18bde3e69b3caf3d640506d75978d9020789a7 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 19 May 2026 16:18:47 +0200
Subject: [PATCH] aio-interface: do not cache the containers, logs and setup
 screen as it shows credentials

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/public/index.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 8d109a7f..b1dfcad0 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -181,8 +181,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->aioCommunityContainers,
         'bypass_container_update' => $bypass_container_update,
-    ]);
+    // Do not cache the page as it shows credentials
+    ])->withHeader('Cache-Control', 'no-store');
 })->setName('profile');
+
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
@@ -191,6 +193,7 @@ $app->get('/login', function (Request $request, Response $response, array $args)
         'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
+
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
@@ -210,7 +213,9 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
             'password' => $setup->Setup(),
         ]
     );
-});
+// Do not cache the page as it shows credentials
+})->withHeader('Cache-Control', 'no-store');
+
 $app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
     $params = $request->getQueryParams();
     $id = $params['id'] ?? '';
@@ -219,7 +224,8 @@ $app->get('/log', function (Request $request, Response $response, array $args) u
     }
     $view = Twig::fromRequest($request);
     return $view->render($response, 'log.twig', ['id' => $id]);
-});
+// Do not cache the page as it might shows credentials
+})->withHeader('Cache-Control', 'no-store');
 
 // Auth Redirector
 $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {