From 5ba82ea69668ac36af488121e4367b942898ce12 Mon Sep 17 00:00:00 2001
From: John Morrison <jrgmorrison@gmail.com>
Date: Thu, 19 Jan 2017 10:00:12 -0800
Subject: [PATCH] fix(headers): make "cache-control" value configurable

---
 lib/config.js        | 5 +++++
 lib/server/config.js | 4 +++-
 test/lib/util.js     | 9 +++++----
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/lib/config.js b/lib/config.js
index 0f17cbec1..00b6642dd 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -311,6 +311,11 @@ const conf = convict({
       doc: 'Bytes of generated developer ids',
       default: 16
     }
+  },
+  cacheControl: {
+    doc: 'Hapi: a string with the value of the "Cache-Control" header when caching is disabled',
+    format: String,
+    default: 'private, no-cache, no-store, must-revalidate'
   }
 });
 
diff --git a/lib/server/config.js b/lib/server/config.js
index ec7e3060e..f72163975 100644
--- a/lib/server/config.js
+++ b/lib/server/config.js
@@ -2,11 +2,13 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+const config = require('../config').getProperties();
+
 module.exports = {
   connections: {
     routes: {
       cache: {
-        otherwise: 'private, no-cache, no-store, must-revalidate'
+        otherwise: config.cacheControl
       },
       cors: true,
       payload: {
diff --git a/test/lib/util.js b/test/lib/util.js
index 8dacb2ba0..45bccf3a7 100644
--- a/test/lib/util.js
+++ b/test/lib/util.js
@@ -3,20 +3,21 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 const assert = require('insist');
+const config = require('../../lib/config').getProperties();
 
 function assertSecurityHeaders(res) {
-  var expect = {
+  const expect = {
     'strict-transport-security': 'max-age=15552000; includeSubDomains',
     'x-content-type-options': 'nosniff',
     'x-xss-protection': '1; mode=block',
-    'x-frame-options': 'DENY',
-    'cache-control': 'private, no-cache, no-store, must-revalidate'
+    'x-frame-options': 'DENY'
   };
 
   Object.keys(expect).forEach(function(header) {
-    assert.ok(res.headers[header]);
     assert.equal(res.headers[header], expect[header]);
   });
+
+  assert.equal(res.headers['cache-control'], config.cacheControl);
 }
 
 module.exports = {