author | Rémy Coutable <remy@rymai.me> | 2019-02-19 19:33:49 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2019-02-26 14:54:31 +0300 |
commit | d19331833844b8f0bab46b4a0e5f1ae43b0eab0c (patch) | |
tree | 955df0de75737cc152c892e523e731695a465a5c | |
parent | b0097199a329c4de4eacc99a7d46d62c4ec0a1e0 (diff) |
Fix ETag caching not being used for AJAX requests
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | app/controllers/application_controller.rb | 23 | ||||
-rw-r--r-- | changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml | 5 | ||||
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 8 |
3 files changed, 29 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index af0b0c64814..b7eb6af6d67 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -43,7 +43,10 @@ class ApplicationController < ActionController::Base :git_import_enabled?, :gitlab_project_import_enabled?, :manifest_import_enabled? + # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security + # concerns due to caching private data. DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store".freeze + DEFAULT_GITLAB_CONTROL_NO_CACHE = "#{DEFAULT_GITLAB_CACHE_CONTROL}, no-cache".freeze rescue_from Encoding::CompatibilityError do |exception| log_exception(exception) @@ -235,9 +238,9 @@ class ApplicationController < ActionController::Base end def no_cache_headers - response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate" - response.headers["Pragma"] = "no-cache" - response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT" + headers['Cache-Control'] = DEFAULT_GITLAB_CONTROL_NO_CACHE + headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility + headers['Expires'] = 'Fri, 01 Jan 1990 00:00:00 GMT' end def default_headers @@ -247,10 +250,16 @@ class ApplicationController < ActionController::Base headers['X-Content-Type-Options'] = 'nosniff' if current_user - # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security - # concerns due to caching private data. - headers['Cache-Control'] = DEFAULT_GITLAB_CACHE_CONTROL - headers["Pragma"] = "no-cache" # HTTP 1.0 compatibility + headers['Cache-Control'] = default_cache_control + headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility + end + end + + def default_cache_control + if request.xhr? + ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL + else + DEFAULT_GITLAB_CACHE_CONTROL end end 
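Review bot: The new constant `DEFAULT_GITLAB_CONTROL_NO_CACHE` drops the word CACHE that its sibling `DEFAULT_GITLAB_CACHE_CONTROL` carries, so the two read as unrelated names. `DEFAULT_GITLAB_NO_CACHE_CONTROL = "#{DEFAULT_GITLAB_CACHE_CONTROL}, no-cache".freeze` would keep the pair parallel, with the reference in `no_cache_headers` renamed to match. The moved comment describes only the `no-store` constant, so a line such as `# Same value plus no-cache, so a stored copy is never reused without revalidation.` above the second one would say when to pick it.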
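Review bot: `no_cache_headers` now sends a different Cache-Control value than before, and neither the hunk nor the commit message says so. The old literal was `no-cache, no-store, max-age=0, must-revalidate`; the constant expands to the Rails default followed by `, no-store, no-cache`, which, going by the spec expectation in this commit, adds `private` and reorders the directives. Both `no-store` and `no-cache` are still present, so the stricter policy appears intact. A comment above the method such as `# Cache-Control is DEFAULT_GITLAB_CACHE_CONTROL plus no-cache; no-store must stay in this value.` would keep a later edit of the constants from weakening it unnoticed.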
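Review bot: `default_cache_control` drops `no-store` for every signed-in response where `request.xhr?` is true, not only for the endpoints that use ETag caching. That predicate is driven by the request's `X-Requested-With` header, so the relaxed policy follows whatever the client sends. The `private` directive should still keep shared caches from storing these responses, but the browser may now keep private JSON on disk, which is the exposure the removed comment said `no-store` was there to prevent. Consider limiting the relaxed value to the ETag-cached routes, or at least recording the trade-off on the method, for example `# XHR responses omit no-store so the browser can revalidate with ETag; they may be kept in the browser's private cache.` `default_headers` starts outside this hunk, so any other headers it sets are not visible here.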
diff --git a/changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml b/changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml new file mode 100644 index 00000000000..046ef8ee99e --- /dev/null +++ b/changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml @@ -0,0 +1,5 @@ +--- +title: Fix ETag caching not being used for AJAX requests +merge_request: 25400 +author: +type: fixed diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index c9e520317e8..dca74bd5f84 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -665,6 +665,14 @@ describe ApplicationController do expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate, no-store' end + + it 'does not set the "no-store" header for XHR requests' do + sign_in(user) + + get :index, xhr: true + + expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate' + end end end end |
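Review bot: The added example pins the relaxed header only for a signed-in XHR `get :index`. Nothing visible here asserts what `no_cache_headers` sends after its value changed in this commit, or that an action calling it still returns `no-store` when the request is XHR. An example that requests such an action with `xhr: true` and expects `response.headers['Cache-Control']` to include `no-store` would guard the stricter path. Whether one already exists elsewhere in the spec file cannot be seen from this hunk.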