prevent caching of main doc to ensure logged out detection is processed

salt/nginx/etc/nginx.conf

@@ -181,7 +181,7 @@ http {
 		ssl_prefer_server_ciphers on;
 		ssl_protocols TLSv1.2 TLSv1.3;
 
-		location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*) {
+		location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*|^/pages/.*|^/docs/.*) {
 			proxy_pass            http://{{ GLOBALS.manager }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
@@ -213,6 +213,9 @@ http {
 			proxy_buffering         off;
 			proxy_cache             off;
 			proxy_request_buffering off;
+			add_header              Cache-Control "no-cache, no-store, must-revalidate";
+			add_header              Pragma "no-cache";
+			add_header              Expires "0";
 		}
 
 		location ~ ^/auth/.*?(login|oidc/callback) {
@@ -385,10 +388,14 @@ http {
 			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
 				return    401;
 			}
+
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
-				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 				add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			}
+
+			if ($request_uri ~* ^/(?!(api/|login|auth|oauth2|$))) {
+				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+			}
 			return        302 /auth/self-service/login/browser;
 		}
 

setup/so-verify

@@ -69,6 +69,8 @@ log_has_errors() {
         grep -vE "Running scope as unit" | \
         grep -vE "securityonion-resources/sigma/stable" | \
         grep -vE "remove_failed_vm.sls" | \
+        grep -vE "failed to copy: httpReadSeeker" | \
+        grep -vE "Error response from daemon: failed to resolve reference" | \
         grep -vE "log-.*-pipeline_failed_attempts" &> "$error_log"
     
     if [[ $? -eq 0 ]]; then