Commit 113bf2428e for woocommerce
commit 113bf2428e653691e68346120567030b5bf1a307
Author: Neil Carlo Sucuangco <necafasu@gmail.com>
Date: Tue Jan 13 12:05:10 2026 +0800
Add no-cache response header to Store API cart endpoint (#62653)
diff --git a/plugins/woocommerce/changelog/62653-test-cart-cache-headers b/plugins/woocommerce/changelog/62653-test-cart-cache-headers
new file mode 100644
index 0000000000..c1265e2a6c
--- /dev/null
+++ b/plugins/woocommerce/changelog/62653-test-cart-cache-headers
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Add Cache-Control headers to cart API responses to prevent browser caching
\ No newline at end of file
diff --git a/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractCartRoute.php b/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractCartRoute.php
index d423f036e7..84d680e352 100644
--- a/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractCartRoute.php
+++ b/plugins/woocommerce/src/StoreApi/Routes/V1/AbstractCartRoute.php
@@ -158,6 +158,7 @@ abstract class AbstractCartRoute extends AbstractRoute {
$response->header( 'User-ID', get_current_user_id() );
$response->header( 'Cart-Token', $this->get_cart_token() );
$response->header( 'Cart-Hash', WC()->cart->get_cart_hash() );
+ $response->header( 'Cache-Control', 'no-store' );
return $response;
}
diff --git a/plugins/woocommerce/tests/php/src/Blocks/StoreApi/Routes/Cart.php b/plugins/woocommerce/tests/php/src/Blocks/StoreApi/Routes/Cart.php
index de126f41ae..47a75ee757 100644
--- a/plugins/woocommerce/tests/php/src/Blocks/StoreApi/Routes/Cart.php
+++ b/plugins/woocommerce/tests/php/src/Blocks/StoreApi/Routes/Cart.php
@@ -613,6 +613,45 @@ class Cart extends ControllerTestCase {
);
}
+ /**
+ * Test that cart GET endpoint sends Cache-Control headers.
+ */
+ public function test_cart_get_endpoint_cache_control_headers() {
+ /** @var Spy_REST_Server $server */
+ $server = rest_get_server();
+
+ $server->serve_request( '/wc/store/cart' );
+
+ $this->assertArrayHasKey( 'Cache-Control', $server->sent_headers );
+ $this->assertStringContainsString( 'no-store', $server->sent_headers['Cache-Control'] );
+ }
+
+ /**
+ * Test that cart endpoint returns fresh data.
+ */
+ public function test_cart_get_endpoint_returns_fresh_data() {
+ wc_empty_cart();
+
+ /** @var Spy_REST_Server $server */
+ $server = rest_get_server();
+
+ $server->serve_request( '/wc/store/cart' );
+ $first_response = json_decode( $server->sent_body, true );
+ $this->assertEquals( 0, $first_response['items_count'] );
+ $this->assertEmpty( $first_response['items'] );
+
+ wc()->cart->add_to_cart( $this->products[0]->get_id(), 1 );
+
+ $server->serve_request( '/wc/store/cart' );
+ $second_response = json_decode( $server->sent_body, true );
+ $this->assertEquals( 1, $second_response['items_count'] );
+ $this->assertCount( 1, $second_response['items'] );
+ $this->assertEquals( $this->products[0]->get_id(), $second_response['items'][0]['id'] );
+
+ $this->assertArrayHasKey( 'Cache-Control', $server->sent_headers );
+ $this->assertStringContainsString( 'no-store', $server->sent_headers['Cache-Control'] );
+ }
+
/**
* Test adding a variable product to cart returns proper variation data.
*/