Add Cache-Control: no-store for authenticated pages; fix payment onclick encoding

Prevents browsers from caching authenticated pages, which resolves stale/corrupt cache bugs (e.g. Firefox refusing to navigate to a specific invoice). Also fixes the Edit Payment button onclick to use Json.Serialize for Reference/Notes so apostrophes and other special characters don't break the JavaScript string literal. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 14:11:03 -04:00
parent b9e9449c8b
commit 81dc34bab4
2 changed files with 6 additions and 1 deletions
@@ -409,7 +409,7 @@
                                                    @if (!isVoided)
                                                    {
                                                        <button type="button" class="btn btn-sm btn-outline-secondary me-1" title="Edit payment"
-                                                                onclick="openEditPaymentModal(@p.Id, @Model.Id, '@p.PaymentDate.ToString("yyyy-MM-dd")', @((int)p.PaymentMethod), '@(p.Reference ?? "")', '@(p.Notes ?? "")', @(p.DepositAccountId?.ToString() ?? "null"))">
+                                                                onclick="openEditPaymentModal(@p.Id, @Model.Id, '@p.PaymentDate.ToString("yyyy-MM-dd")', @((int)p.PaymentMethod), @Json.Serialize(p.Reference ?? ""), @Json.Serialize(p.Notes ?? ""), @(p.DepositAccountId?.ToString() ?? "null"))">
                                                            <i class="bi bi-pencil"></i>
                                                        </button>
                                                        <form asp-action="DeletePayment" asp-route-invoiceId="@Model.Id" asp-route-paymentId="@p.Id"