p0-h4-pwa-cache-api-leak

done · type/backlog · priority/p0 · severity/high · topic/auth · topic/pwa

p0 · H4 · PWA caches authenticated API GETs to disk

TL;DR

api-reads StaleWhileRevalidate removed; /api/* GETs use NetworkOnly in next.config.mjs (f21f71d).

Status: done (2026-05-18) · Source: [[Projects/personal-finance-notion/context/audit-2026-05-17-auth|Auth audit 2026-05-17 §H4]]

Shipped

  • next.config.mjs — no cross-user API response cache on shared devices

Spun out

None.

Related

  • App repo: next.config.mjs runtimeCaching
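
A regression check for this fix, as an added example that is not the app's own code: it audits a runtimeCaching array in the Workbox rule shape and reports any sample /api/* GET whose first matching rule uses a caching handler. The rule arrays, the host app.example, the endpoint paths, and the reading of api-reads as a cacheName are assumptions.

```javascript
// Added example: constructed rules in Workbox runtimeCaching shape, not the app's real config.
// Handlers that serve from or write to Cache Storage, which outlives the user's session.
const CACHING = new Set(['CacheFirst', 'CacheOnly', 'NetworkFirst', 'StaleWhileRevalidate']);

// Assumed "before": api-reads is taken to be the cacheName of the removed rule.
const before = [
  { urlPattern: /\/api\/.*$/i, method: 'GET', handler: 'StaleWhileRevalidate',
    options: { cacheName: 'api-reads' } },
];
// Assumed "after": same pattern, responses never stored.
const after = [
  { urlPattern: /\/api\/.*$/i, method: 'GET', handler: 'NetworkOnly' },
];
// Ordering trap: a catch-all listed first shadows the NetworkOnly rule below it.
const shadowed = [
  { urlPattern: /.*/i, handler: 'StaleWhileRevalidate', options: { cacheName: 'others' } },
  ...after,
];

// Workbox picks the first registered route that matches; method defaults to GET.
function firstMatch(rules, href, method = 'GET') {
  const url = new URL(href);
  return rules.find((r) => {
    if ((r.method || 'GET') !== method) return false;
    if (typeof r.urlPattern === 'function') return Boolean(r.urlPattern({ url }));
    if (r.urlPattern instanceof RegExp) return r.urlPattern.test(url.href);
    return r.urlPattern === url.href; // string patterns: exact match only
  });
}

// One finding per sample API URL whose winning rule is a caching handler.
function auditApiCaching(rules, sampleUrls) {
  return sampleUrls.flatMap((href) => {
    const rule = firstMatch(rules, href);
    if (!rule || !CACHING.has(rule.handler)) return [];
    return [{ href, handler: rule.handler, cacheName: rule.options?.cacheName ?? null }];
  });
}

// Constructed sample endpoints (hypothetical host and paths).
const samples = [
  'https://app.example/api/accounts',
  'https://app.example/api/transactions?month=2026-05',
];
console.log('before  :', auditApiCaching(before, samples));
console.log('after   :', auditApiCaching(after, samples));
console.log('shadowed:', auditApiCaching(shadowed, samples));
```

Run against the real runtimeCaching export in CI, a non-empty result means an authenticated GET can land in Cache Storage again, including through a broader rule placed ahead of the NetworkOnly one.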