about summary refs log tree commit diff
path: root/app/controllers/admin/account_moderation_notes_controller.rb
diff options
context:
space:
mode:
authorDaniel Axtens <daniel@axtens.net>2022-11-16 14:56:30 +1100
committerGitHub <noreply@github.com>2022-11-16 04:56:30 +0100
commit4d85c27d1adc83aadd219767dbdc7e17b05230b0 (patch)
tree751ca03a6e6aeb6350f310bf2a597e766624f11e /app/controllers/admin/account_moderation_notes_controller.rb
parentac7a29f06842b6ddb3e509a8eb61fffca3285a7d (diff)
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
https://github.com/rails/rails/blob/8015c2c2cf5c8718449677570f372ceb01318a32/actionpack/lib/action_dispatch/http/cache.rb#L207-L209

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
Diffstat (limited to 'app/controllers/admin/account_moderation_notes_controller.rb')
0 files changed, 0 insertions, 0 deletions