From a74c8e17f511411edb9628d7694cda358c8d055f Mon Sep 17 00:00:00 2001
From: Matthias Dittrich
Date: Thu, 10 Apr 2025 19:18:46 +0200
Subject: [PATCH 1/3] Update OpenIddictServerAspNetCoreHandlers.Authentication.cs Fix Caching strategy on form_post html
---
 .../OpenIddictServerAspNetCoreHandlers.Authentication.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
index 61e4609b4..9917dc050 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
@@ -208,7 +208,7 @@ from value in values.GetValueOrDefault()
 response.ContentLength = buffer.Length;
 response.ContentType = "text/html;charset=UTF-8";
- response.Headers[HeaderNames.CacheControl] = "no-cache";
+ response.Headers[HeaderNames.CacheControl] = "no-cache, no-store";
 response.Headers[HeaderNames.Pragma] = "no-cache";
 response.Headers[HeaderNames.Expires] = "-1";
From 5c8d2ddbd054439aafad1c6d9aa309ca24fec231 Mon Sep 17 00:00:00 2001
From: Matthias Dittrich
Date: Fri, 11 Apr 2025 13:51:52 +0200
Subject: [PATCH 2/3] use no-store instead
---
 .../OpenIddictServerAspNetCoreHandlers.Authentication.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
index 9917dc050..3d6085972 100644
--- a/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
@@ -208,7 +208,7 @@ from value in values.GetValueOrDefault()
 response.ContentLength = buffer.Length;
 response.ContentType = "text/html;charset=UTF-8";
- response.Headers[HeaderNames.CacheControl] = "no-cache, no-store";
+ response.Headers[HeaderNames.CacheControl] = "no-store";
 response.Headers[HeaderNames.Pragma] = "no-cache";
 response.Headers[HeaderNames.Expires] = "-1";
From 453b47704a04e7f5eb32b4d7c7352fd4a620149d Mon Sep 17 00:00:00 2001
From: Matthias Dittrich
Date: Fri, 11 Apr 2025 13:53:03 +0200
Subject: [PATCH 3/3] Update OpenIddictServerOwinHandlers.Authentication.cs Change to no-store
---
 .../OpenIddictServerOwinHandlers.Authentication.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
index 4a24d218f..a640d79b9 100644
--- a/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
+++ b/src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
@@ -200,7 +200,7 @@ from value in values.GetValueOrDefault()
 response.ContentLength = buffer.Length;
 response.ContentType = "text/html;charset=UTF-8";
- response.Headers[Headers.CacheControl] = "no-cache";
+ response.Headers[Headers.CacheControl] = "no-store";
 response.Headers[Headers.Pragma] = "no-cache";
 response.Headers[Headers.Expires] = "-1";
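Review bot: The new `no-store` value in OpenIddictServerAspNetCoreHandlers.Authentication.cs (patch 2/3) carries no comment explaining why it differs from the `no-cache` still sent in `Pragma`, so a later cleanup could put the weaker directive back. `no-cache` only forces revalidation and still lets a browser or intermediary keep a copy, whereas `no-store` forbids storing the response at all; that matters because this text/html response presumably embeds the authorization response parameters in the form body. I would add above the assignment `// no-store: the form_post page embeds the authorization response, so it must never be written to any cache.` The same comment applies to the OWIN hunk in patch 3/3, and the enclosing handler starts and ends outside both hunks.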
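Review bot: Nothing in this series pins the header value for OpenIddictServerOwinHandlers.Authentication.cs (patch 3/3), and the OWIN host was only brought in line by a separate follow-up patch, so the two hosts can drift apart again. Each patch touches a single source file and no test; an integration test per host asserting that the form_post response is sent with `Cache-Control: no-store` would catch a regression in either one. Any other handler in these two files that writes the same Cache-Control/Pragma/Expires trio lies outside the hunks and is worth checking for the old `no-cache` value.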