|
|
@@ -1,3 +1,8 @@
|
|
|
+// ---------------------------------------------------------------------------
|
|
|
+// Ordner: lib/api
|
|
|
+// Datei: errors.js
|
|
|
+// Relativer Pfad: lib/api/errors.js
|
|
|
+// ---------------------------------------------------------------------------
|
|
|
/**
|
|
|
* Central API response helpers for consistent JSON output and standardized errors.
|
|
|
*
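Review bot: The banner added at the top of the file labels the path in German (`Ordner`, `Datei`, `Relativer Pfad`) while the doc comment directly below it is in English, and it states the same location three times. A path written into the file goes stale as soon as the file is moved or renamed, so if the banner is not a project-wide convention I would reduce it to a single line such as `// lib/api/errors.js` or drop it. The same applies to the bare separator line appended at the end of the file in the last hunk.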
|
|
|
@@ -11,8 +16,22 @@
|
|
|
* because Next.js route handlers can return any `Response` and it keeps tests simple.
|
|
|
*/
|
|
|
|
|
|
-/** Default JSON response headers for all API responses that return JSON. */
|
|
|
-const JSON_HEADERS = { "Content-Type": "application/json" };
|
|
|
+/**
|
|
|
+ * Default JSON response headers for all API responses that return JSON.
|
|
|
+ *
|
|
|
+ * RHL-006 (Caching / Freshness):
|
|
|
+ * - We explicitly disable HTTP caching for ALL JSON API responses by default.
|
|
|
+ * - Reason #1: NAS filesystem contents can change at any time (new scans appear).
|
|
|
+ * - Reason #2: Auth/RBAC-protected responses must never be cached/shared by accident
|
|
|
+ * (e.g. via browser cache, proxies, reverse proxies, or intermediate gateways).
|
|
|
+ *
|
|
|
+ * If a future endpoint truly needs caching, it should override headers explicitly
|
|
|
+ * at the call site via `json(..., status, { "Cache-Control": "..." })`.
|
|
|
+ */
|
|
|
+const JSON_HEADERS = {
|
|
|
+ "Content-Type": "application/json",
|
|
|
+ "Cache-Control": "no-store",
|
|
|
+};
|
|
|
|
|
|
/**
|
|
|
* Create a JSON `Response` with the given payload.
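Review bot: The new comment on `JSON_HEADERS` promises `no-store` for ALL JSON API responses, but the constant only covers responses that are actually built from it. How `json()` merges it with caller-supplied headers is outside this hunk, and a route handler that returns its own `Response` would not get the header. Because the comment gives auth/RBAC-protected data as the reason, I would narrow the wording to "all responses created through `json()`" and add a test asserting `Cache-Control: no-store` on both a success response and an error response produced via `withErrorHandling`. The object is also a shared, mutable module-level value, so a stray write at one call site would change the default for every later response; `const JSON_HEADERS = Object.freeze({ ... });` prevents that.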
|
|
|
@@ -176,3 +195,4 @@ export function withErrorHandling(handler, { logPrefix = "[api]" } = {}) {
|
|
|
}
|
|
|
};
|
|
|
}
|
|
|
+// ---------------------------------------------------------------------------
|