From 302901791b0dd656737e8ab22c90094bccdeca7a Mon Sep 17 00:00:00 2001 From: Leo Lapworth Date: Wed, 22 Feb 2017 19:58:11 +0000 Subject: [PATCH 1/2] lets make sure no caching at CDN for login/account stuff --- lib/MetaCPAN/Web/Controller/Account.pm | 2 ++ lib/MetaCPAN/Web/Controller/Login.pm | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/lib/MetaCPAN/Web/Controller/Account.pm b/lib/MetaCPAN/Web/Controller/Account.pm index bd0510a1cc..8152b4764e 100644 --- a/lib/MetaCPAN/Web/Controller/Account.pm +++ b/lib/MetaCPAN/Web/Controller/Account.pm @@ -13,6 +13,8 @@ sub auto : Private { # this is for proxies $c->res->header( Vary => 'Cookie' ); + $c->cdn_never_cache(1); + if ( my $token = $c->token ) { $c->authenticate( { token => $token } ); } diff --git a/lib/MetaCPAN/Web/Controller/Login.pm b/lib/MetaCPAN/Web/Controller/Login.pm index 075e6ecb01..6d32570071 100644 --- a/lib/MetaCPAN/Web/Controller/Login.pm +++ b/lib/MetaCPAN/Web/Controller/Login.pm @@ -7,6 +7,10 @@ BEGIN { extends 'MetaCPAN::Web::Controller' } sub index : Path : Args(0) { my ( $self, $c ) = @_; + + # Never cache at CDN + $c->cdn_never_cache(1); + if ( my $code = $c->req->parameters->{code} ) { my $data = $c->model('API')->request( '/oauth2/access_token', @@ -29,6 +33,10 @@ sub index : Path : Args(0) { sub openid : Local : Args(0) { my ( $self, $c ) = @_; + + # Never cache at CDN + $c->cdn_never_cache(1); + $c->stash( { template => 'account/openid-login.html' } ); } From 1be21de099b29e8f278d7121ae3f06779214e7bc Mon Sep 17 00:00:00 2001 From: Leo Lapworth Date: Wed, 22 Feb 2017 20:02:29 +0000 Subject: [PATCH 2/2] Cleaner to set Cache-Control: private --- lib/MetaCPAN/Web/Controller/Account.pm | 4 ---- t/controller/account.t | 5 +++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/MetaCPAN/Web/Controller/Account.pm b/lib/MetaCPAN/Web/Controller/Account.pm index 8152b4764e..e729d2d724 100644 --- a/lib/MetaCPAN/Web/Controller/Account.pm 
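Review bot: The `$c->cdn_never_cache(1);` call is repeated by hand at the top of `index` and again in the `openid` hunk of Login.pm, so any action added to that controller later is cacheable at the CDN unless its author remembers the line; Account.pm avoids this by setting it once in `auto`. `index` handles the OAuth `code` parameter, and a stored copy of that response must never be served to another visitor, so a controller-wide default is the safer shape. If neither Login.pm nor its base class already defines an `auto` (none is visible in these hunks), one could be added as below and the two per-action calls dropped. The commit also adds no test for the Login actions; an assertion on their `Cache-Control` header, like the one in t/controller/account.t, would pin the behaviour. Both `index` and `openid` continue outside the hunks.

```perl
BEGIN { extends 'MetaCPAN::Web::Controller' }

# Login responses are per-visitor (OAuth code exchange, OpenID form),
# so mark every action in this controller as uncacheable at the CDN.
sub auto : Private {
    my ( $self, $c ) = @_;
    $c->cdn_never_cache(1);
    return 1;    # a false value would stop Catalyst from dispatching the action
}

# … unchanged: sub index and sub openid, minus their per-action cdn_never_cache calls …
```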
+++ b/lib/MetaCPAN/Web/Controller/Account.pm @@ -9,10 +9,6 @@ BEGIN { extends 'MetaCPAN::Web::Controller' } sub auto : Private { my ( $self, $c ) = @_; - # Keep everything here as specific to the user - # this is for proxies - $c->res->header( Vary => 'Cookie' ); - $c->cdn_never_cache(1); if ( my $token = $c->token ) { diff --git a/t/controller/account.t b/t/controller/account.t index e7e50d43cc..dfc62a0987 100644 --- a/t/controller/account.t +++ b/t/controller/account.t @@ -36,8 +36,9 @@ test_psgi app, sub { 'GET /account/profile without token' ); is( $res->code, 403, '... and the user cannot get in' ); - is( $res->header('Vary'), - 'Cookie', '... and the Vary header for proxies is there' ); + is( $res->header('Cache-Control'), + 'private', + '... and the private Cache-Control header for proxies is there' ); is( $authenticate_args, undef, '... and we did not try to authenticate' );
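Review bot: With the `Vary: Cookie` lines and their comment removed from `auto` in Account.pm, the remaining `$c->cdn_never_cache(1);` has no explanation, and every account page now depends on that one helper emitting `Cache-Control: private`, which is what the updated test asserts. A short comment would keep the intent visible, for example `# Account pages are per-user: cdn_never_cache sends Cache-Control: private so the CDN and shared proxies do not store them`. Note also that `private` still lets the visitor's own browser cache keep the page. If account pages show data that should not linger on a shared machine, it may be worth checking whether `no-store` is wanted as well. The body of `auto` continues outside the hunk.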
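Review bot: The new assertion in t/controller/account.t checks the header only on the unauthenticated 403 response, and it compares against the exact string `'private'`. The response that actually carries user data is the authenticated one, so if this file makes a request with a token (not visible in the hunk), the same check belongs there too. Matching the directive rather than the whole value, `like( $res->header('Cache-Control'), qr/\bprivate\b/, '... and the response is marked private' );`, would keep the test passing if further directives are added later. The test description still says "for proxies", which fits `Vary` better than a header that also governs the CDN.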