Force no-store header on server error and rate limit responses

2025-12-06 11:29:46 +00:00 · 2025-01-23 15:23:48 -06:00 · 2025-01-23 15:23:48 -06:00 · 3fdd6e2213
commit 3fdd6e2213
parent afa0a337d3
2 changed files with 6 additions and 0 deletions
--- a/src/controllers/error.ts
+++ b/src/controllers/error.ts
@ -2,6 +2,8 @@ import { ErrorHandler } from '@hono/hono';
 import { HTTPException } from '@hono/hono/http-exception';

 export const errorHandler: ErrorHandler = (err, c) => {
+  c.header('Cache-Control', 'no-store');
+
  if (err instanceof HTTPException) {
    if (err.res) {
      return err.res;
--- a/src/middleware/rateLimitMiddleware.ts
+++ b/src/middleware/rateLimitMiddleware.ts
@ -9,6 +9,10 @@ export function rateLimitMiddleware(limit: number, windowMs: number): Middleware
  return rateLimiter({
    limit,
    windowMs,
+    handler: (c) => {
+      c.header('Cache-Control', 'no-store');
+      return c.text('Too many requests, please try again later.', 429);
+    },
    skip: (c) => !c.req.header('x-real-ip'),
    keyGenerator: (c) => c.req.header('x-real-ip')!,
  });