From f085bbd0641693ee56f6d408b4493eb2e46d25cc Mon Sep 17 00:00:00 2001
From: Axel Guckelsberger <info@guite.de>
Date: Mon, 4 Oct 2021 09:04:46 +0200
Subject: [PATCH] disable caching headers in AbstractTheme if user is logged in

---
 CHANGELOG-3.0.md                              |  1 +
 src/system/ExtensionsModule/AbstractTheme.php | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG-3.0.md b/CHANGELOG-3.0.md
index 65b26c3cd8..be6da6aa73 100644
--- a/CHANGELOG-3.0.md
+++ b/CHANGELOG-3.0.md
@@ -10,6 +10,7 @@
   - [CoreBundle] Add `flex-wrap` class to pagination for responsive behaviour ([bs#23504](https://github.com/twbs/bootstrap/issues/23504)).
   - [Blocks] Strip script tags from XSLT block stylesheets.
   - [Categories] Sanitize context menu in admin category list.
+  - [Extensions] Disable caching headers in `AbstractTheme` if user is logged in.
   - [Theme] Fix resolving assets location on Windows if Zikula is installed in a sub directory (#4480).
   - [Permissions] Correctly handle non-existing username during permission testing.
   - [Users] Dispatch `UserPostLoginFailureEvent` after login failure as expected.
diff --git a/src/system/ExtensionsModule/AbstractTheme.php b/src/system/ExtensionsModule/AbstractTheme.php
index c02d949203..76ebb23f24 100644
--- a/src/system/ExtensionsModule/AbstractTheme.php
+++ b/src/system/ExtensionsModule/AbstractTheme.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Yaml\Yaml;
 use Twig\Environment;
 use Zikula\ExtensionsModule\Api\VariableApi;
+use Zikula\UsersModule\Api\CurrentUserApi;
 
 abstract class AbstractTheme extends AbstractExtension
 {
@@ -75,8 +76,16 @@ public function generateThemedResponse(
         ]);
 
         $content = $twig->render('@' . $this->name . '/' . $template, ['maincontent' => $content]);
+        $response = new Response($content);
 
-        return new Response($content);
+        $isLoggedIn = $this->getContainer()->get(CurrentUserApi::class)->isLoggedIn();
+        if ($isLoggedIn) {
+            $response->headers->set('Cache-Control','nocache, no-store, max-age=0, must-revalidate');
+            $response->headers->set('Pragma','no-cache');
+            $response->headers->set('Expires','Sun, 02 Jan 1990 00:00:00 GMT');
+        }
+
+        return $response;
     }
 
     /**