From 7fe9c7b9132fd96c1512b9ff9568abe7b09d1ec9 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III
Date: Mon, 31 Jul 2017 09:19:54 -0400
Subject: [PATCH] Disable caching for /authtoken endpoint
---
 awx/api/views.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/awx/api/views.py b/awx/api/views.py
index 2a264df821..469c491d75 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -28,6 +28,7 @@ from django.utils.encoding import smart_text, force_text
 from django.utils.safestring import mark_safe
 from django.utils.timezone import now
 from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.cache import never_cache
 from django.template.loader import render_to_string
 from django.core.servers.basehttp import FileWrapper
 from django.http import HttpResponse
@@ -664,6 +665,7 @@ class AuthTokenView(APIView):
 serializer._data = self.update_raw_data(serializer.data)
 return serializer
+ @never_cache
 def post(self, request):
 serializer = self.get_serializer(data=request.data)
 if serializer.is_valid():
@@ -696,7 +698,8 @@ class AuthTokenView(APIView):
 # Note: This header is normally added in the middleware whenever an
 # auth token is included in the request header.
 headers = {
- 'Auth-Token-Timeout': int(settings.AUTH_TOKEN_EXPIRATION)
+ 'Auth-Token-Timeout': int(settings.AUTH_TOKEN_EXPIRATION),
+ 'Pragma': 'no-cache',
 }
 return Response({'token': token.key, 'expires': token.expires}, headers=headers)
 if 'username' in request.data:
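Review bot: `@never_cache` is applied directly to the method `post(self, request)`, so the decorator's wrapper receives the view instance in the slot where it expects the request. That works only while the wrapper passes its arguments through without inspecting them. Django's documented form for class-based views is `@method_decorator(never_cache)`, with `from django.utils.decorators import method_decorator` added to the import block. Wrapping the whole handler is the right scope, because it covers every response `post` returns, not only the one carrying the token. The body of `post` continues past the end of this hunk.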
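Review bot: The `'Pragma': 'no-cache'` entry in the `headers` dict is an HTTP/1.0-era directive that caches are not required to honour on responses, so on its own it is a weak guarantee for a body that contains the token. Whether the response also carries `Cache-Control: no-store` depends on what `never_cache` emits in the Django version in use, which is not visible here. If that is not guaranteed, add `'Cache-Control': 'no-store',` next to the Pragma entry. The existing comment above the dict describes only `Auth-Token-Timeout`, so a line such as `# The body contains the token: keep it out of browser and proxy caches.` would record why the new entry is there. This hunk sits in the middle of `post`, whose start and end are outside it.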