fix(admin): fresh SSR reads, atomic user delete + sanitized errors, cookie-rotation in middleware, no-store on admin APIs

2026-05-31 13:15:56 +02:00
parent 61bf6c013c
commit 535b2ef202
23 changed files with 180 additions and 95 deletions
@@ -0,0 +1,13 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * Wrapper around NextResponse.json that marks the response uncacheable. All
+ * admin API responses must never be stored by browsers, proxies, or Next's
+ * own caches, since they reflect privileged, frequently-changing state.
+ */
+export function jsonNoStore(body: unknown, init?: ResponseInit): NextResponse {
+  const res = NextResponse.json(body, init);
+  res.headers.set('Cache-Control', 'no-store');
+  res.headers.set('Pragma', 'no-cache');
+  return res;
+}