Disable browser caching for all static assets

Add no-cache middleware to set Cache-Control: no-store on CSS, JS,
asset, and HTML responses so code changes appear immediately.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/main.py

@@ -7,6 +7,8 @@ from contextlib import asynccontextmanager
 from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import FileResponse, JSONResponse
 from fastapi.staticfiles import StaticFiles
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import Response
 from pydantic import BaseModel
 
 from backend.auth import authenticate_user, create_token, logout
@@ -93,6 +95,26 @@ app = FastAPI(
 )
 
 
+# ---------------------------------------------------------------------------
+# No-cache middleware — prevent browsers from caching static assets
+# ---------------------------------------------------------------------------
+
+class NoCacheStaticMiddleware(BaseHTTPMiddleware):
+    """Add Cache-Control: no-store to all CSS, JS, and asset responses."""
+
+    async def dispatch(self, request: Request, call_next):
+        response: Response = await call_next(request)
+        path = request.url.path
+        if path.startswith(("/css/", "/js/", "/assets/")) or path in ("/", "/desktop") or path.endswith(".html"):
+            response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
+            response.headers["Pragma"] = "no-cache"
+            response.headers["Expires"] = "0"
+        return response
+
+
+app.add_middleware(NoCacheStaticMiddleware)
+
+
 # ---------------------------------------------------------------------------
 # Auth endpoints (not behind auth — they *create* auth)
 # ---------------------------------------------------------------------------