In order to solve a caching issue in IE I decorated my controllers with [ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
When looking at the response headers in the browser developer tools I noticed that some of my controller action responses had the expected Cache-Control:no-store,no-cache
But others didn't. This was driving me nuts and after doing some digging I found the explanation in the msdn documentation
https://docs.microsoft.com/en-us/aspnet/core/performance/caching/middleware
So I tried disabling CSRF protection in my form by using the asp-antiforgery="false" attribute and sure enough the no-store directive was added to my response header.
So my question is: Is there any way to achieve this without having to sacrifice security by disabling CSRF protection in my forms? It definitely doesn't feel right to have to disable that just to prevent IE from caching my pages.
Thanks in advance for any help/advice that you can give me!
