
fix(core): set Cache-Control: private, no-store on editor toolbar-injected HTML (#1398) #1559

Open
marcusbellamyshaw-cell wants to merge 2 commits into emdash-cms:main from Emdash-Bug-Testing:fix/1398-toolbar-injection-no-store

@marcusbellamyshaw-cell

Contributor

What does this PR do?

The request-context middleware injects the editor toolbar into public HTML for a logged-in editor but, unlike the preview branch, did not set Cache-Control: private, no-store. On a site fronted by a shared cache (Cloudflare, etc.), an editor merely browsing the public site primed the edge cache with toolbar-bearing HTML that was then served to all anonymous visitors — leaking the toolbar markup and the fact that a session was active.

injectToolbar now sets Cache-Control: private, no-store on the actual-injection path, mirroring the preview branch, so toolbar-bearing (session-specific) responses are never shared-cacheable. Responses where no toolbar is injected (non-HTML, or HTML without a </body>) keep their original cacheability.

Closes #1398

Type of change

  • Bug fix

Checklist

  • I have read CONTRIBUTING.md
  • pnpm typecheck passes
  • pnpm lint passes
  • pnpm test passes (targeted: new + toolbar + cache-hints suites)
  • pnpm format has been run
  • I have added/updated tests for my changes
  • I have added a changeset

AI-generated code disclosure

  • This PR includes AI-generated code — model/tool: Claude Opus 4.8 ultracode
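
Added example, not part of this PR or emdash's code: a small model of the failure described above, in which an editor's request primes a shared cache, and of how `private, no-store` on the injection path stops it. All function names, the toolbar markup and the simplified cache are assumptions made for illustration.

```javascript
// Added illustration; all names are hypothetical, not emdash's code.
const TOOLBAR = '<div id="editor-toolbar"></div>'; // constructed markup

// Insert the toolbar before </body>. With harden=true, the injected
// response is marked private, no-store, as the PR describes.
function injectToolbar(res, harden) {
  const type = res.headers.get("content-type") || "";
  const idx = res.body.lastIndexOf("</body>");
  // Non-HTML, or HTML without </body>: nothing injected, headers untouched.
  if (!type.includes("text/html") || idx === -1) return res;
  const headers = new Headers(res.headers);
  if (harden) headers.set("cache-control", "private, no-store");
  const body = res.body.slice(0, idx) + TOOLBAR + res.body.slice(idx);
  return { body, headers };
}

// Origin: the public page is cacheable; editors get the toolbar injected.
function render(isEditor, harden) {
  const page = {
    body: "<html><body><h1>Post</h1></body></html>",
    headers: new Headers({
      "content-type": "text/html; charset=utf-8",
      "cache-control": "public, max-age=300",
    }),
  };
  return isEditor ? injectToolbar(page, harden) : page;
}

// Simplified shared cache keyed by URL: it never stores a response
// carrying private or no-store.
class SharedCache {
  constructor() { this.store = new Map(); }
  fetch(url, origin) {
    if (this.store.has(url)) return this.store.get(url);
    const res = origin();
    const cc = (res.headers.get("cache-control") || "").toLowerCase();
    const directives = cc.split(",").map((d) => d.trim());
    const storable = !directives.includes("private") && !directives.includes("no-store");
    if (storable) this.store.set(url, res);
    return res;
  }
}

// An editor browses "/" first, then an anonymous visitor requests it.
function visitorSeesToolbar(harden) {
  const cache = new SharedCache();
  cache.fetch("/", () => render(true, harden));
  const res = cache.fetch("/", () => render(false, harden));
  return res.body.includes("editor-toolbar");
}
```

`visitorSeesToolbar(false)` models the pre-fix behaviour and `visitorSeesToolbar(true)` the fixed one; the same check against a real deployment is to request a public page as an editor and then inspect the response an unauthenticated client receives from the edge.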

…ected HTML (emdash-cms#1398)

The request-context middleware injected the editor toolbar into public HTML for
a logged-in editor but, unlike the preview branch, did not set Cache-Control:
private, no-store. On a site fronted by a shared cache, an editor merely browsing
the public site primed the edge cache with toolbar-bearing HTML that was then
served to all anonymous visitors -- leaking the toolbar markup and the fact that
a session was active.

injectToolbar now sets Cache-Control: private, no-store on the actual-injection
path, mirroring the preview branch, so toolbar-bearing (session-specific)
responses are never shared-cacheable. Responses where no toolbar is injected
(non-HTML, or HTML without a </body>) keep their original cacheability.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@changeset-bot

changeset-bot Bot commented Jun 20, 2026


🦋 Changeset detected

Latest commit: 56be105

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 16 packages
Name Type
emdash Patch
@emdash-cms/cloudflare Patch
@emdash-cms/sandbox-workerd Patch
@emdash-cms/fixture-perf-site Patch
@emdash-cms/perf-demo-site Patch
@emdash-cms/cache-demo-site Patch
@emdash-cms/do-demo-site Patch
@emdash-cms/do-solo-demo-site Patch
@emdash-cms/admin Patch
@emdash-cms/auth Patch
@emdash-cms/blocks Patch
@emdash-cms/gutenberg-to-portable-text Patch
@emdash-cms/x402 Patch
create-emdash Patch
@emdash-cms/auth-atproto Patch
@emdash-cms/plugin-embeds Patch


…elease note

Per CONTRIBUTING.md, lead with the observable effect and drop the
commit-message title line and internal mechanics.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@pkg-pr-new

pkg-pr-new Bot commented Jun 22, 2026


@emdash-cms/admin

npm i https://pkg.pr.new/@emdash-cms/admin@1559

@emdash-cms/auth

npm i https://pkg.pr.new/@emdash-cms/auth@1559

@emdash-cms/auth-atproto

npm i https://pkg.pr.new/@emdash-cms/auth-atproto@1559

@emdash-cms/blocks

npm i https://pkg.pr.new/@emdash-cms/blocks@1559

@emdash-cms/cloudflare

npm i https://pkg.pr.new/@emdash-cms/cloudflare@1559

@emdash-cms/contentful-to-portable-text

npm i https://pkg.pr.new/@emdash-cms/contentful-to-portable-text@1559

emdash

npm i https://pkg.pr.new/emdash@1559

create-emdash

npm i https://pkg.pr.new/create-emdash@1559

@emdash-cms/gutenberg-to-portable-text

npm i https://pkg.pr.new/@emdash-cms/gutenberg-to-portable-text@1559

@emdash-cms/plugin-cli

npm i https://pkg.pr.new/@emdash-cms/plugin-cli@1559

@emdash-cms/plugin-types

npm i https://pkg.pr.new/@emdash-cms/plugin-types@1559

@emdash-cms/registry-client

npm i https://pkg.pr.new/@emdash-cms/registry-client@1559

@emdash-cms/registry-lexicons

npm i https://pkg.pr.new/@emdash-cms/registry-lexicons@1559

@emdash-cms/sandbox-workerd

npm i https://pkg.pr.new/@emdash-cms/sandbox-workerd@1559

@emdash-cms/x402

npm i https://pkg.pr.new/@emdash-cms/x402@1559

@emdash-cms/plugin-ai-moderation

npm i https://pkg.pr.new/@emdash-cms/plugin-ai-moderation@1559

@emdash-cms/plugin-atproto

npm i https://pkg.pr.new/@emdash-cms/plugin-atproto@1559

@emdash-cms/plugin-audit-log

npm i https://pkg.pr.new/@emdash-cms/plugin-audit-log@1559

@emdash-cms/plugin-color

npm i https://pkg.pr.new/@emdash-cms/plugin-color@1559

@emdash-cms/plugin-embeds

npm i https://pkg.pr.new/@emdash-cms/plugin-embeds@1559

@emdash-cms/plugin-field-kit

npm i https://pkg.pr.new/@emdash-cms/plugin-field-kit@1559

@emdash-cms/plugin-forms

npm i https://pkg.pr.new/@emdash-cms/plugin-forms@1559

@emdash-cms/plugin-webhook-notifier

npm i https://pkg.pr.new/@emdash-cms/plugin-webhook-notifier@1559

commit: 56be105


Development

Successfully merging this pull request may close these issues.

Editor toolbar injection doesn't set Cache-Control: private, no-store, poisoning shared CDN caches
