From 77886ddef50787509fb7b87d7e821f245f43d10b Mon Sep 17 00:00:00 2001
From: Kharec <sandro@cazzaniga.fr>
Date: Fri, 26 Dec 2025 17:33:12 +0100
Subject: [PATCH] fix: preserve security headers on cache hits

---
 internal/middleware/cache.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/internal/middleware/cache.go b/internal/middleware/cache.go
index 1445b12..8d87461 100644
--- a/internal/middleware/cache.go
+++ b/internal/middleware/cache.go
@@ -112,8 +112,11 @@ func CacheMiddleware(cache Cache, config *CacheConfig) func(http.Handler) http.H
 
 			if entry, err := cache.Get(cacheKey); err == nil {
 				for key, values := range entry.Headers {
-					for _, value := range values {
-						w.Header().Add(key, value)
+					if len(values) > 0 {
+						w.Header().Set(key, values[0])
+						for i := 1; i < len(values); i++ {
+							w.Header().Add(key, values[i])
+						}
 					}
 				}
 				w.Header().Set("X-Cache", "HIT")
@@ -155,6 +158,11 @@ type responseCapturer struct {
 
 func (rc *responseCapturer) WriteHeader(code int) {
 	rc.statusCode = code
+	for key, values := range rc.headers {
+		for _, value := range values {
+			rc.ResponseWriter.Header().Add(key, value)
+		}
+	}
 	rc.ResponseWriter.WriteHeader(code)
 }