Tell the browser to vary its cache by DNT (Do Not Track) (#2817)

Author: kumar303

config/default.js

@@ -242,4 +242,10 @@ module.exports = {
   // The amount of time (in seconds) that an auth token lives for. This is
   // currently only used in AMO.
   authTokenValidFor: null,
+
+  // The number of seconds the client should cache all responses for.
+  // If null, no caching headers will be sent.
+  // This setting is intended to simulate the Discopane's nginx cache
+  // header for development purposes.
+  cacheAllResponsesFor: null,
 };

config/test.js

@@ -1,6 +1,8 @@
 // Put any test configuration overrides here.
 module.exports = {
+  appName: 'test-app-set-from-config',
   apiHost: 'https://localhost',
   allowErrorSimulation: true,
   enableClientConsole: true,
+  isDeployed: false,
 };

package.json

@@ -223,6 +223,7 @@
     "stylelint": "^8.0.0",
     "stylelint-config-standard": "^17.0.0",
     "stylelint-config-suitcss": "^10.0.0",
+    "supertest": "^3.0.0",
     "svg-url-loader": "^2.0.2",
     "tmp": "^0.0.31",
     "tosource": "^1.0.0",

src/core/middleware/prefixMiddleware.js

@@ -109,14 +109,12 @@ export function prefixMiddleware(req, res, next, { _config = config } = {}) {
     // Collect vary headers to apply to the redirect
     // so we can make it cacheable.
     // TODO: Make the redirects cacheable by adding expires headers.
-    const varyHeaders = [];
     if (isLangFromHeader) {
-      varyHeaders.push('accept-language');
+      res.vary('accept-language');
     }
     if (isApplicationFromHeader) {
-      varyHeaders.push('user-agent');
+      res.vary('user-agent');
     }
-    res.set('vary', varyHeaders);
     return res.redirect(302, newURL);
   }
 

src/core/server/base.js

@@ -199,6 +199,22 @@ function baseServer(routes, createStore, { appInstanceName = appName } = {}) {
       webpackIsomorphicTools.refresh();
     }
 
+    const cacheAllResponsesFor = config.get('cacheAllResponsesFor');
+    if (cacheAllResponsesFor) {
+      if (!isDevelopment) {
+        throw new Error(oneLine`You cannot simulate the cache with
+          the cacheAllResponsesFor config value when isDevelopment is false.
+          In other words, we already do caching in hosted environments
+          (via nginx) so this would be confusing!`);
+      }
+      log.warn(oneLine`Sending a Cache-Control header so that the client caches
+        all requests for ${cacheAllResponsesFor} seconds`);
+      res.set('Cache-Control', `public, max-age=${cacheAllResponsesFor}`);
+    }
+
+    // Vary the cache on Do Not Track headers.
+    res.vary('DNT');
+
     match({ location: req.url, routes }, (
       matchError, redirectLocation, renderProps
     ) => {

tests/unit/core/containers/TestServerHtml.js

@@ -1,59 +1,31 @@
 import Helmet from 'react-helmet';
 import React from 'react';
-import PropTypes from 'prop-types';
 import { findDOMNode } from 'react-dom';
 import {
   findRenderedDOMComponentWithTag,
   renderIntoDocument,
 } from 'react-addons-test-utils';
 
 import ServerHtml from 'core/containers/ServerHtml';
+import FakeApp, {
+  fakeAssets, fakeSRIData,
+} from 'tests/unit/core/server/fakeApp';
 
 describe('<ServerHtml />', () => {
+  const _helmentCanUseDOM = Helmet.canUseDOM;
+
   beforeEach(() => {
     Helmet.canUseDOM = false;
   });
 
+  afterEach(() => {
+    Helmet.canUseDOM = _helmentCanUseDOM;
+  });
+
   const fakeStore = {
     getState: () => ({ foo: 'bar' }),
   };
 
-  const fakeAssets = {
-    styles: {
-      disco: '/bar/disco-blah.css',
-      search: '/search-blah.css',
-    },
-    javascript: {
-      disco: '/foo/disco-blah.js',
-      search: '/search-blah.js',
-    },
-  };
-
-  const fakeSRIData = {
-    'disco-blah.css': 'sha512-disco-css',
-    'search-blah.css': 'sha512-search-css',
-    'disco-blah.js': 'sha512-disco-js',
-    'search-blah.js': 'sha512-search-js',
-  };
-
-  class FakeApp extends React.Component {
-    static propTypes = {
-      children: PropTypes.node,
-    }
-
-    render() {
-      const { children } = this.props;
-      return (
-        <div>
-          <Helmet defaultTitle="test title">
-            <meta name="description" content="test meta" />
-          </Helmet>
-          {children}
-        </div>
-      );
-    }
-  }
-
   function render(opts = {}) {
     const pageProps = {
       appName: 'disco',

tests/unit/core/middleware/test_prefixMiddleware.js

@@ -13,6 +13,7 @@ describe('Prefix Middleware', () => {
       redirect: sinon.stub(),
       set: sinon.stub(),
       status: () => ({ end: sinon.stub() }),
+      vary: sinon.stub(),
     };
     fakeConfig = new Map();
     fakeConfig.set('validClientApplications', ['firefox', 'android']);
@@ -27,8 +28,8 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/firefox']);
-    expect(fakeNext.called).toBeFalsy();
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/firefox');
+    sinon.assert.notCalled(fakeNext);
   });
 
   it('should call res.redirect if handed a locale insted of a lang', () => {
@@ -37,8 +38,8 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/firefox']);
-    expect(fakeNext.called).toBeFalsy();
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/firefox');
+    sinon.assert.notCalled(fakeNext);
   });
 
   it('should add an application when missing', () => {
@@ -47,7 +48,7 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/firefox/whatever/']);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/firefox/whatever/');
   });
 
   it('should prepend a lang when missing but leave a valid app intact', () => {
@@ -56,8 +57,8 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/firefox/whatever']);
-    expect(fakeRes.set.firstCall.args).toEqual(['vary', []]);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/firefox/whatever');
+    sinon.assert.notCalled(fakeRes.vary);
   });
 
   it('should prepend lang when missing but keep clientAppUrlException', () => {
@@ -66,8 +67,8 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/validprefix/whatever']);
-    expect(fakeRes.set.firstCall.args).toEqual(['vary', []]);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/validprefix/whatever');
+    sinon.assert.notCalled(fakeRes.vary);
   });
 
   it('should render 404 when a localeURL exception exists', () => {
@@ -77,7 +78,7 @@ describe('Prefix Middleware', () => {
     };
     const statusSpy = sinon.spy(fakeRes, 'status');
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(statusSpy.firstCall.args).toEqual([404]);
+    sinon.assert.calledWith(statusSpy, 404);
   });
 
   it('should redirect a locale exception at the root', () => {
@@ -87,9 +88,9 @@ describe('Prefix Middleware', () => {
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
 
-    expect(fakeRes.redirect.firstCall.args).toEqual([302,
-      '/firefox/downloads/file/224748/my-addon-4.9.21-fx%2Bsm.xpi']);
-    expect(fakeRes.set.firstCall.args).toEqual(['vary', ['user-agent']]);
+    sinon.assert.calledWith(fakeRes.redirect, 302,
+      '/firefox/downloads/file/224748/my-addon-4.9.21-fx%2Bsm.xpi');
+    sinon.assert.calledWith(fakeRes.vary, 'user-agent');
   });
 
   it('should redirect a locale exception nested in a valid locale', () => {
@@ -99,9 +100,9 @@ describe('Prefix Middleware', () => {
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
 
-    expect(fakeRes.redirect.firstCall.args).toEqual([302,
-      '/firefox/downloads/file/224748/my-addon-4.9.21-fx%2Bsm.xpi']);
-    expect(fakeRes.set.firstCall.args).toEqual(['vary', ['user-agent']]);
+    sinon.assert.calledWith(fakeRes.redirect, 302,
+      '/firefox/downloads/file/224748/my-addon-4.9.21-fx%2Bsm.xpi');
+    sinon.assert.calledWith(fakeRes.vary, 'user-agent');
   });
 
   it('should render a 404 when a clientApp URL exception is found', () => {
@@ -111,7 +112,7 @@ describe('Prefix Middleware', () => {
     };
     const statusSpy = sinon.spy(fakeRes, 'status');
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(statusSpy.firstCall.args).toEqual([404]);
+    sinon.assert.calledWith(statusSpy, 404);
   });
 
   it('should set lang when invalid, preserving clientApp URL exception', () => {
@@ -120,8 +121,8 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/developers/']);
-    expect(fakeRes.set.firstCall.args).toEqual(['vary', []]);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/developers/');
+    sinon.assert.notCalled(fakeRes.vary);
   });
 
   it('should render a 404 with clientApp exception', () => {
@@ -131,7 +132,7 @@ describe('Prefix Middleware', () => {
     };
     const statusSpy = sinon.spy(fakeRes, 'status');
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(statusSpy.firstCall.args).toEqual([404]);
+    sinon.assert.calledWith(statusSpy, 404);
   });
 
   it('should fallback to and vary on accept-language headers', () => {
@@ -142,8 +143,8 @@ describe('Prefix Middleware', () => {
       },
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/pt-BR/firefox/whatever']);
-    expect(fakeRes.set.firstCall.args[1]).toEqual(['accept-language']);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/pt-BR/firefox/whatever');
+    sinon.assert.calledWith(fakeRes.vary, 'accept-language');
   });
 
   it('should map aliased langs', () => {
@@ -152,7 +153,7 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/pt-PT/firefox/whatever']);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/pt-PT/firefox/whatever');
   });
 
   it('should vary on accept-language and user-agent', () => {
@@ -163,8 +164,9 @@ describe('Prefix Middleware', () => {
       },
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/pt-BR/firefox/whatever']);
-    expect(fakeRes.set.firstCall.args[1]).toEqual(['accept-language', 'user-agent']);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/pt-BR/firefox/whatever');
+    sinon.assert.calledWith(fakeRes.vary, 'accept-language');
+    sinon.assert.calledWith(fakeRes.vary, 'user-agent');
   });
 
   it('should find the app based on ua string', () => {
@@ -175,8 +177,8 @@ describe('Prefix Middleware', () => {
       },
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/android/whatever']);
-    expect(fakeRes.set.firstCall.args[1]).toEqual(['user-agent']);
+    sinon.assert.calledWith(fakeRes.redirect, 302, '/en-US/android/whatever');
+    sinon.assert.calledWith(fakeRes.vary, 'user-agent');
   });
 
   it('should populate res.locals for a valid request', () => {
@@ -187,7 +189,7 @@ describe('Prefix Middleware', () => {
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
     expect(fakeRes.locals.lang).toEqual('en-US');
     expect(fakeRes.locals.clientApp).toEqual('firefox');
-    expect(fakeRes.redirect.called).toBeFalsy();
+    sinon.assert.notCalled(fakeRes.redirect);
   });
 
   it('should not populate res.locals for a redirection', () => {
@@ -198,7 +200,7 @@ describe('Prefix Middleware', () => {
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
     expect(fakeRes.locals.lang).toEqual(undefined);
     expect(fakeRes.locals.clientApp).toEqual(undefined);
-    expect(fakeRes.redirect.called).toBeTruthy();
+    sinon.assert.called(fakeRes.redirect);
   });
 
   it('should not mangle a query string for a redirect', () => {
@@ -207,6 +209,7 @@ describe('Prefix Middleware', () => {
       headers: {},
     };
     prefixMiddleware(fakeReq, fakeRes, fakeNext, { _config: fakeConfig });
-    expect(fakeRes.redirect.firstCall.args).toEqual([302, '/en-US/firefox/foo/bar?test=1&bar=2']);
+    sinon.assert.calledWith(fakeRes.redirect, 302,
+      '/en-US/firefox/foo/bar?test=1&bar=2');
   });
 });

tests/unit/core/server/fakeApp.js

@@ -0,0 +1,39 @@
+import PropTypes from 'prop-types';
+import React from 'react';
+import Helmet from 'react-helmet';
+
+export const fakeAssets = {
+  styles: {
+    disco: '/bar/disco-blah.css',
+    search: '/search-blah.css',
+  },
+  javascript: {
+    disco: '/foo/disco-blah.js',
+    search: '/search-blah.js',
+  },
+};
+
+export const fakeSRIData = {
+  'disco-blah.css': 'sha512-disco-css',
+  'search-blah.css': 'sha512-search-css',
+  'disco-blah.js': 'sha512-disco-js',
+  'search-blah.js': 'sha512-search-js',
+};
+
+export default class FakeApp extends React.Component {
+  static propTypes = {
+    children: PropTypes.node,
+  }
+
+  render() {
+    const { children } = this.props;
+    return (
+      <div>
+        <Helmet defaultTitle="test title">
+          <meta name="description" content="test meta" />
+        </Helmet>
+        {children}
+      </div>
+    );
+  }
+}