From e257911d24eb276d7bf45213952c22919afdc282 Mon Sep 17 00:00:00 2001
From: devinxl
Date: Sat, 11 May 2024 10:52:07 +0800
Subject: [PATCH] fix(dcellar-web-ui): browser cache getObjectMeta API and upgrade nextjs to prevent CVE-2024-34351
---
 apps/dcellar-web-ui/package.json | 4 +--
 apps/dcellar-web-ui/src/facade/object.ts | 40 ++++++++++++++----------
 2 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/apps/dcellar-web-ui/package.json b/apps/dcellar-web-ui/package.json
index 20204448..b9040c65 100644
--- a/apps/dcellar-web-ui/package.json
+++ b/apps/dcellar-web-ui/package.json
@@ -34,7 +34,7 @@
 "dayjs": "^1.11.7",
 "ethers": "^5.7.2",
 "lodash-es": "^4.17.21",
- "next": "~14.1.0",
+ "next": "~14.1.1",
 "query-string": "^8.1.0",
 "react": "~18.2.0",
 "react-dom": "~18.2.0",
@@ -80,7 +80,7 @@
 "eslint-config-prettier": "~9.1.0",
 "@typescript-eslint/eslint-plugin": "~7.0.2",
 "@typescript-eslint/parser": "~7.0.2",
- "eslint-config-next": "~14.1.0",
+ "eslint-config-next": "~14.1.1",
 "eslint-plugin-react": "~7.33.2"
 },
 "lint-staged": {
diff --git a/apps/dcellar-web-ui/src/facade/object.ts b/apps/dcellar-web-ui/src/facade/object.ts
index 4390a3fd..90f17c9c 100644
--- a/apps/dcellar-web-ui/src/facade/object.ts
+++ b/apps/dcellar-web-ui/src/facade/object.ts
@@ -621,22 +621,30 @@ export const getObjectMeta = async (
 objectName,
 )}?object-meta`;
 
- return axios.get(url).then(
- (e) => {
- const data = xmlParser.parse(e.data)?.GfSpGetObjectMetaResponse.Object as ObjectMeta;
- return [data, null];
- },
- (e) => {
- const { response } = e;
- if (!response) return [null, { code: 500, message: 'Oops, something went wrong' }];
-
- const error =
- response?.status === 429
- ? { code: response.status, message: 'SP not available. Try later.' }
- : { message: xmlParser.parse(response.data)?.Error?.Message, code: response.status };
- return [null, error];
- },
- );
+ return axios
+ .get(url, {
+ headers: {
+ 'Cache-Control': 'no-cache',
+ Pragma: 'no-cache',
+ Expires: '0',
+ },
+ })
+ .then(
+ (e) => {
+ const data = xmlParser.parse(e.data)?.GfSpGetObjectMetaResponse.Object as ObjectMeta;
+ return [data, null];
+ },
+ (e) => {
+ const { response } = e;
+ if (!response) return [null, { code: 500, message: 'Oops, something went wrong' }];
+
+ const error =
+ response?.status === 429
+ ? { code: response.status, message: 'SP not available. Try later.' }
+ : { message: xmlParser.parse(response.data)?.Error?.Message, code: response.status };
+ return [null, error];
+ },
+ );
 };
 
 export const getObjectVersions = async (id: string): Promise => {
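Review bot: The three entries added under `headers` are sent as request headers. `Expires: '0'` has no effect there because it is a response header, and `Cache-Control` and `Pragma` are not CORS-safelisted. If `url` points at a storage-provider origin other than the app's (the hunk does not show how it is built), every getObjectMeta call now needs a preflight, and the SP must list those names in `Access-Control-Allow-Headers`. If it does not, the browser blocks the request, axios rejects without a `response`, and the caller only sees the generic `{ code: 500, message: 'Oops, something went wrong' }`. I would drop `Expires`, reduce the block to `headers: { 'Cache-Control': 'no-cache' }` once the SP's CORS allow-list is confirmed, and add a comment above the call such as `// force revalidation so stale object metadata is never served from the browser cache`. getObjectMeta begins before this hunk, so the construction of `url` is not visible here.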