From eca887eadb1e69f38718dc343b514dceb1a1c4be Mon Sep 17 00:00:00 2001
From: Stefan Hacker <duffy@debian-linux-terminal.local>
Date: Sat, 6 Jun 2026 16:13:12 +0200
Subject: [PATCH] F-12 Cache-Control + F-14 Favicon

- F-12: HTML-Antworten erhalten 'Cache-Control: no-store' (Formulare/Session
  nicht cachebar); statische Assets bleiben cachebar.
- F-14: Favicon (bi-globe2 als SVG, Logo-Farbe) inkl. /favicon.ico-Route und
  <link rel="icon"> in allen Templates -> kein 404-Rauschen mehr.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 app/main.py              | 8 ++++++++
 app/static/favicon.svg   | 3 +++
 app/templates/base.html  | 1 +
 app/templates/error.html | 1 +
 app/templates/login.html | 1 +
 5 files changed, 14 insertions(+)
 create mode 100644 app/static/favicon.svg

diff --git a/app/main.py b/app/main.py
index e31806d..df8f5ae 100644
--- a/app/main.py
+++ b/app/main.py
@@ -57,6 +57,9 @@ def _security_headers(resp):
     resp.headers['X-Content-Type-Options'] = 'nosniff'
     resp.headers['Referrer-Policy'] = 'no-referrer'
     resp.headers.setdefault('Content-Security-Policy', CSP)
+    # HTML-Seiten (Formulare/Session-Daten) nicht cachen lassen.
+    if resp.mimetype == 'text/html':
+        resp.headers['Cache-Control'] = 'no-store'
     return resp
 
 
@@ -225,6 +228,11 @@ def index():
     return redirect(url_for('dashboard') if 'admin_id' in session else url_for('login'))
 
 
+@app.route('/favicon.ico')
+def favicon():
+    return app.send_static_file('favicon.svg')
+
+
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     if request.method == 'POST':
diff --git a/app/static/favicon.svg b/app/static/favicon.svg
new file mode 100644
index 0000000..1d4716e
--- /dev/null
+++ b/app/static/favicon.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="#4fc3f7" class="bi bi-globe2" viewBox="0 0 16 16">
+  <path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8m7.5-6.923c-.67.204-1.335.82-1.887 1.855q-.215.403-.395.872c.705.157 1.472.257 2.282.287zM4.249 3.539q.214-.577.481-1.078a7 7 0 0 1 .597-.933A7 7 0 0 0 3.051 3.05q.544.277 1.198.49zM3.509 7.5c.036-1.07.188-2.087.436-3.008a9 9 0 0 1-1.565-.667A6.96 6.96 0 0 0 1.018 7.5zm1.4-2.741a12.3 12.3 0 0 0-.4 2.741H7.5V5.091c-.91-.03-1.783-.145-2.591-.332M8.5 5.09V7.5h2.99a12.3 12.3 0 0 0-.399-2.741c-.808.187-1.681.301-2.591.332zM4.51 8.5c.035.987.176 1.914.399 2.741A13.6 13.6 0 0 1 7.5 10.91V8.5zm3.99 0v2.409c.91.03 1.783.145 2.591.332.223-.827.364-1.754.4-2.741zm-3.282 3.696q.18.469.395.872c.552 1.035 1.218 1.65 1.887 1.855V11.91c-.81.03-1.577.13-2.282.287zm.11 2.276a7 7 0 0 1-.598-.933 9 9 0 0 1-.481-1.079 8.4 8.4 0 0 0-1.198.49 7 7 0 0 0 2.276 1.522zm-1.383-2.964A13.4 13.4 0 0 1 3.508 8.5h-2.49a6.96 6.96 0 0 0 1.362 3.675c.47-.258.995-.482 1.565-.667m6.728 2.964a7 7 0 0 0 2.275-1.521 8.4 8.4 0 0 0-1.197-.49 9 9 0 0 1-.481 1.078 7 7 0 0 1-.597.933M8.5 11.909v3.014c.67-.204 1.335-.82 1.887-1.855q.216-.403.395-.872A12.6 12.6 0 0 0 8.5 11.91zm3.555-.401c.57.185 1.095.409 1.565.667A6.96 6.96 0 0 0 14.982 8.5h-2.49a13.4 13.4 0 0 1-.437 3.008M14.982 7.5a6.96 6.96 0 0 0-1.362-3.675c-.47.258-.995.482-1.565.667.248.92.4 1.938.437 3.008zM11.27 2.461q.266.502.482 1.078a8.4 8.4 0 0 0 1.196-.49 7 7 0 0 0-2.275-1.52c.218.283.418.597.597.932m-.488 1.343a8 8 0 0 0-.395-.872C9.835 1.897 9.17 1.282 8.5 1.077V4.09c.81-.03 1.577-.13 2.282-.287z"/>
+</svg>
diff --git a/app/templates/base.html b/app/templates/base.html
index 3dc9fbe..4b7d1c9 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -4,6 +4,7 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>{% block title %}DynDNS Manager{% endblock %}</title>
+  <link rel="icon" href="{{ url_for('static', filename='favicon.svg') }}" type="image/svg+xml">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
   <link rel="stylesheet" href="{{ url_for('static', filename='css/app.css') }}">
diff --git a/app/templates/error.html b/app/templates/error.html
index 17eb49b..872f467 100644
--- a/app/templates/error.html
+++ b/app/templates/error.html
@@ -4,6 +4,7 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>{{ code }} — DynDNS Manager</title>
+  <link rel="icon" href="{{ url_for('static', filename='favicon.svg') }}" type="image/svg+xml">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css">
   <link rel="stylesheet" href="{{ url_for('static', filename='css/login.css') }}">
 </head>
diff --git a/app/templates/login.html b/app/templates/login.html
index f5339c1..e2d8b50 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -4,6 +4,7 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Login — DynDNS Manager</title>
+  <link rel="icon" href="{{ url_for('static', filename='favicon.svg') }}" type="image/svg+xml">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
   <link rel="stylesheet" href="{{ url_for('static', filename='css/login.css') }}">