Don't leak cached authenticated requests #1

Archomeda · 2019-06-13T18:20:23Z

Currently authenticated requests can be cached when the server responds with an Expires header. This is fine. However, the cache does not differentiate request A with request B if the endpoint is the same, but the used API keys are different. These results need to be cached separately.

The text was updated successfully, but these errors were encountered:

Archomeda added Type: Bug Something isn't working Status: Ready Work is accepted and is planned for a future release Priority: High High priority Duration: Short Less than 2 hours of estimated work Area: Web cache Related to the web API caching labels Jun 13, 2019

Archomeda self-assigned this Jun 13, 2019

Archomeda added Status: In progress This is being worked on and removed Status: Ready Work is accepted and is planned for a future release labels Jun 13, 2019

Archomeda closed this as completed in fc22b27 Jun 13, 2019

Archomeda added Resolution: Fixed The issue has been fixed and removed Status: In progress This is being worked on labels Jun 13, 2019

Archomeda added a commit that referenced this issue Jun 13, 2019

Actually use the access token hash for #1, ref fc22b27

1bbdbac

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't leak cached authenticated requests #1

Don't leak cached authenticated requests #1

Archomeda commented Jun 13, 2019

Don't leak cached authenticated requests #1

Don't leak cached authenticated requests #1

Comments

Archomeda commented Jun 13, 2019