From 81dc34bab447ea884a9c6a580f0c7ed3caa9839f Mon Sep 17 00:00:00 2001
From: Scott Pouliot
Date: Wed, 20 May 2026 14:11:03 -0400
Subject: [PATCH] Add Cache-Control: no-store for authenticated pages; fix payment onclick encoding

Prevents browsers from caching authenticated pages, which resolves stale/corrupt cache bugs (e.g. Firefox refusing to navigate to a specific invoice). Also fixes the Edit Payment button onclick to use Json.Serialize for Reference/Notes so apostrophes and other special characters don't break the JavaScript string literal.

Co-Authored-By: Claude Sonnet 4.6
---
 src/PowderCoating.Web/Program.cs | 5 +++++
 src/PowderCoating.Web/Views/Invoices/Details.cshtml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/PowderCoating.Web/Program.cs b/src/PowderCoating.Web/Program.cs
index 473b941..acb97e9 100644
--- a/src/PowderCoating.Web/Program.cs
+++ b/src/PowderCoating.Web/Program.cs
@@ -653,6 +653,11 @@ app.Use(async (context, next) =>
 context.Response.Headers.Append("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
+ // Prevent browsers from caching authenticated pages — avoids stale data and
+ // browser-specific cache corruption bugs (e.g. Firefox caching a partial load).
+ if (context.User.Identity?.IsAuthenticated == true)
+ context.Response.Headers.Append("Cache-Control", "no-store");
+
 await next();
 });
diff --git a/src/PowderCoating.Web/Views/Invoices/Details.cshtml b/src/PowderCoating.Web/Views/Invoices/Details.cshtml
index df65817..884d1e1 100644
--- a/src/PowderCoating.Web/Views/Invoices/Details.cshtml
+++ b/src/PowderCoating.Web/Views/Invoices/Details.cshtml
@@ -409,7 +409,7 @@ @if (!isVoided) {
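Review bot: In the Program.cs hunk, the added `IsAuthenticated` check runs before `await next()`, so it only sees a populated `context.User` if this header middleware is registered after `app.UseAuthentication()`. The registration order is outside the hunk; if the block sits early in the pipeline, as security-header middleware often does, the condition would presumably always be false and `no-store` would never be sent. Moving the check into a `Response.OnStarting` callback removes the ordering dependency, and assigning the header there instead of appending before `next()` keeps a downstream component from replacing it or leaving two Cache-Control values. The response to the sign-in request itself is likely still uncovered either way, because the principal is normally not attached to that request. The `app.Use` lambda begins above the hunk.

```csharp
// … unchanged: Permissions-Policy header …

// Decide at response start, once authentication has populated context.User.
context.Response.OnStarting(() =>
{
    if (context.User.Identity?.IsAuthenticated == true)
    {
        context.Response.Headers["Cache-Control"] = "no-store";
    }

    return Task.CompletedTask;
});

await next();
```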