Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix caching logic with regards to Accept-Language, Cookie, and Signature #24604

Merged
merged 3 commits into from Apr 23, 2023
Merged

Fix caching logic with regards to Accept-Language, Cookie, and Signature #24604

merged 3 commits into from Apr 23, 2023

Commits on Apr 20, 2023

  1. Change app-wide default Cache-Control to be private, no-cache for con… 

    …sistency
    @ClearlyClaire
    ClearlyClaire committed Apr 20, 2023
    Copy the full SHA
    0a21524 View commit details
    Browse the repository at this point in the history

  2. Add Accept-Language and Cookie to Vary as required

    @ClearlyClaire
    ClearlyClaire committed Apr 20, 2023
    Copy the full SHA
    190a7f7 View commit details
    Browse the repository at this point in the history

  3. Forcefully disable cache on high-entropy headers 

    Prevents high-entropy cache keys such as `Cookie` (which would typically
change for every request), `Signature` (which would also typically change
for every request) or `Authorization` (which would be different for every
user), while allowing to `Vary` on them (to not serve anonymous cached data
to authenticated requests when authentication matters).
    @ClearlyClaire
    ClearlyClaire committed Apr 20, 2023
    Copy the full SHA
    583db3b View commit details
    Browse the repository at this point in the history