From 6278a82751c720d9c306393fc3dbf3ba484509cf Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Sat, 7 Feb 2026 18:38:26 -1000
Subject: Add no-cache header tests, update SESSION_STATE with audit results

- Added TestHTMLResponse_SetsNoCacheHeaders and TestJSONResponse_SetsNoCacheHeaders
- Rewrote SESSION_STATE.md with verified test coverage per completed item
- Documented known gaps (Google API client unit tests, WebAuthn env vars)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 internal/handlers/handlers_test.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'internal')

diff --git a/internal/handlers/handlers_test.go b/internal/handlers/handlers_test.go
index b338aa2..6f7cc92 100644
--- a/internal/handlers/handlers_test.go
+++ b/internal/handlers/handlers_test.go
@@ -1538,6 +1538,27 @@ func TestHandleDeleteFeature(t *testing.T) {
 // Response Helper Tests
 // =============================================================================
 
+func TestHTMLResponse_SetsNoCacheHeaders(t *testing.T) {
+	w := httptest.NewRecorder()
+	r := NewMockRenderer()
+	HTMLResponse(w, r, "test", nil)
+
+	cc := w.Header().Get("Cache-Control")
+	if !strings.Contains(cc, "no-cache") {
+		t.Errorf("Expected Cache-Control no-cache, got %s", cc)
+	}
+}
+
+func TestJSONResponse_SetsNoCacheHeaders(t *testing.T) {
+	w := httptest.NewRecorder()
+	JSONResponse(w, map[string]string{"ok": "true"})
+
+	cc := w.Header().Get("Cache-Control")
+	if !strings.Contains(cc, "no-cache") {
+		t.Errorf("Expected Cache-Control no-cache, got %s", cc)
+	}
+}
+
 func TestHTMLString(t *testing.T) {
 	w := httptest.NewRecorder()
 	HTMLString(w, "<div>Test</div>")
-- 
cgit v1.2.3