Add 'private' to Cache-Control, match Rails expectations (#20608)

Several controllers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
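The commit message above describes how Rails collapses a Cache-Control value that contains no-store. The following Ruby snippet is an added example, not code from the Mastodon commit or from Rails: it parses a Cache-Control header into its directives and applies a model of the normalisation the message attributes to ActionDispatch::HTTP::Cache (when no-store is present, every other directive except private is dropped). The `parse_cache_control`, `normalize_like_rails` and `forbids_storage?` names are assumptions made here, and the no-store-absent branch is deliberately left unmodelled.

```ruby
# Added example (not part of the Mastodon commit or of Rails): a small model of the
# Cache-Control normalisation the commit message describes, used to compare the
# old and new header values set in the four controllers.
#
# ASSUMPTION: normalize_like_rails reproduces only the behaviour the commit message
# attributes to ActionDispatch::HTTP::Cache (with no-store present, everything
# except private is dropped). Headers without no-store are returned unchanged here;
# Rails applies further rules to those that are not modelled.

# Parse a Cache-Control value into a Hash of directive => argument.
# Directives without an argument map to true. Names are case-insensitive (RFC 9111),
# so they are downcased; quoted arguments have their quotes stripped.
def parse_cache_control(value)
  value.to_s.split(',').each_with_object({}) do |part, acc|
    part = part.strip
    next if part.empty?
    name, arg = part.split('=', 2)
    acc[name.strip.downcase] = arg.nil? ? true : arg.strip.delete('"')
  end
end

# Model of the normalisation described in the commit message: when no-store is
# present, only no-store survives, plus private if it was also set.
def normalize_like_rails(value)
  directives = parse_cache_control(value)
  return value unless directives.key?('no-store')

  kept = []
  kept << 'private' if directives.key?('private')
  kept << 'no-store'
  kept.join(', ')
end

# Defender-side check: does a header value forbid storing the response in any
# cache at all? no-store covers both shared and private caches, so the presence of
# private alongside it adds intent, not protection.
def forbids_storage?(value)
  parse_cache_control(value).key?('no-store')
end

# The two literal values from the diff (constructed here from the hunks above).
OLD_HEADER = 'no-cache, no-store, max-age=0, must-revalidate'
NEW_HEADER = 'private, no-store'

if __FILE__ == $PROGRAM_NAME
  [OLD_HEADER, NEW_HEADER].each do |h|
    puts "#{h.inspect} -> #{normalize_like_rails(h).inspect} " \
         "(storage forbidden: #{forbids_storage?(h)})"
  end
end
```

Running the file shows the old value collapsing to plain `no-store` (its no-cache, max-age and must-revalidate directives never reach the client) while the new value survives as `private, no-store`, which is the outcome the commit relies on.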
Daniel Axtens 1 year ago committed by GitHub
parent ac7a29f068
commit 4d85c27d1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
Files changed:
  1. app/controllers/api/base_controller.rb (2 changed lines)
  2. app/controllers/auth/registrations_controller.rb (2 changed lines)
  3. app/controllers/oauth/authorizations_controller.rb (2 changed lines)
  4. app/controllers/settings/base_controller.rb (2 changed lines)

@ -129,7 +129,7 @@ class Api::BaseController < ApplicationController
end
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
response.headers['Cache-Control'] = 'private, no-store'
end
def disallow_unauthenticated_api_access?
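Review bot: the new `'private, no-store'` value depends on ActionDispatch::HTTP::Cache preserving `private` next to `no-store`, which the commit message cites but nothing in this change pins down; a request spec against an Api::BaseController endpoint asserting `response.headers['Cache-Control'] == 'private, no-store'` would catch a future Rails change to that normalisation silently dropping either directive. Note also that `no-store` already forbids shared and private caches alike from storing the response, so `private` here is documentary rather than protective; since the message says only that "many" endpoints behind this base class are user-specific, a short comment above the assignment explaining why the header is set uniformly would help the next reader.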

@ -154,6 +154,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
end
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
response.headers['Cache-Control'] = 'private, no-store'
end
end
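Review bot: this is the same string literal repeated verbatim in four controllers within this change (api, auth, oauth and settings); a single constant such as `CACHE_CONTROL_NO_STORE = 'private, no-store'` on ApplicationController, referenced from each `set_cache_headers`, would keep the values from drifting apart the next time one of them is revised.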

@ -30,6 +30,6 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
end
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
response.headers['Cache-Control'] = 'private, no-store'
end
end
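Review bot: the hunk shows only the body of `set_cache_headers`, not where it is registered relative to the callbacks inherited from Doorkeeper::AuthorizationsController; because a later callback that assigns `response.headers['Cache-Control']` would overwrite this value, a spec on the authorization endpoint asserting the final header is `'private, no-store'` is worth adding for this controller in particular.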

@ -14,7 +14,7 @@ class Settings::BaseController < ApplicationController
end
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
response.headers['Cache-Control'] = 'private, no-store'
end
def require_not_suspended!
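Review bot: dropping `no-cache`, `max-age=0` and `must-revalidate` is only safe because `no-store` makes them moot (a response that may never be stored can never be served from a cache without revalidation), and that reasoning lives only in the commit message; a one-line comment above the assignment noting that Rails discards those directives next to `no-store` would stop a later reader from "restoring" them.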
