about summary refs log tree commit diff
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2018-01-04 14:39:38 +0100
committerEugen Rochko <eugen@zeonfederated.com>2018-01-04 14:39:38 +0100
commit3bee0996c509f4b416096094061edbc9c10f5632 (patch)
treea9701cc8b84dfe0bf360450733d53d8c81ee5010
parent89daeb43a88321d6568eeb6ffac68bdc810e41b5 (diff)
Make sure private toots remain private and do not end up in HTTP caches (#6175)
-rw-r--r--app/controllers/application_controller.rb3
-rw-r--r--app/controllers/statuses_controller.rb4
2 files changed, 4 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e17d1f26e..f59f2725b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -124,6 +124,7 @@ class ApplicationController < ActionController::Base
 
   def render_cached_json(cache_key, **options)
     options[:expires_in] ||= 3.minutes
+    options[:public]     ||= true
     cache_key              = cache_key.join(':') if cache_key.is_a?(Enumerable)
     content_type           = options.delete(:content_type) || 'application/json'
 
@@ -131,7 +132,7 @@ class ApplicationController < ActionController::Base
       yield.to_json
     end
 
-    expires_in options[:expires_in], public: true
+    expires_in options[:expires_in], public: options[:public]
     render json: data, content_type: content_type
   end
 
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 1a440fd59..367ea34e7 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -24,7 +24,7 @@ class StatusesController < ApplicationController
       format.json do
         skip_session! unless @stream_entry.hidden?
 
-        render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json') do
+        render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
           ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)
         end
       end
@@ -34,7 +34,7 @@ class StatusesController < ApplicationController
   def activity
     skip_session!
 
-    render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json') do
+    render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
       ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)
     end
   end