Skip to content

Add Cache-Control header to html and api responses, add no-transform #20432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Jul 23, 2022
Merged

Add Cache-Control header to html and api responses, add no-transform #20432

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
b62c51a
Add Cache-Control header to html/api responses, add no-transform
silverwind Jul 21, 2022
7224410
Add noTranform argument to function
silverwind Jul 21, 2022
08313ca
use 0
silverwind Jul 21, 2022
61094da
accept slice of string
silverwind Jul 21, 2022
e15ddca
Apply suggestions from code review
wxiaoguang Jul 21, 2022
f47846b
Apply suggestions from code review
wxiaoguang Jul 21, 2022
4e79cb3
Update modules/context/api.go
wxiaoguang Jul 21, 2022
16d5830
Merge branch 'main' into no-tranform
wxiaoguang Jul 21, 2022
0e6e80d
use no-store instead of max-age=0
silverwind Jul 22, 2022
31b4f8f
add private directive only when actually allowing storage
silverwind Jul 22, 2022
588b0bb
remove comment
silverwind Jul 22, 2022
6a7fcff
use varargs notation
zeripath Jul 22, 2022
2ff48b9
Merge branch 'main' into no-tranform
zeripath Jul 22, 2022
78cedac
minor refactor
silverwind Jul 22, 2022
171294c
fix misnamed variable
zeripath Jul 22, 2022
be67ac9
Merge branch 'main' into no-tranform
wxiaoguang Jul 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions modules/context/api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web/middleware"
Expand Down Expand Up @@ -268,6 +269,7 @@ func APIContexter() func(http.Handler) http.Handler {
}
}

httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, []string{"no-tranform"})
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

ctx.Data["Context"] = &ctx
Expand Down
2 changes: 2 additions & 0 deletions modules/context/context.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import (
"code.gitea.io/gitea/modules/base"
mc "code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
Expand Down Expand Up @@ -767,6 +768,7 @@ func Contexter() func(next http.Handler) http.Handler {
}
}

httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, []string{"no-transform"})
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

ctx.Data["CsrfToken"] = ctx.csrf.GetToken()
Expand Down
21 changes: 13 additions & 8 deletions modules/httpcache/httpcache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,16 +17,21 @@ import (
)

// AddCacheControlToHeader adds suitable cache-control headers to response
func AddCacheControlToHeader(h http.Header, d time.Duration) {
func AddCacheControlToHeader(h http.Header, d time.Duration, additionalDirectives []string) {
directives := make([]string, 0, 2+len(additionalDirectives))

if setting.IsProd {
h.Set("Cache-Control", "private, max-age="+strconv.Itoa(int(d.Seconds())))
directives = append(directives, "private")
directives = append(directives, "max-age="+strconv.Itoa(int(d.Seconds())))
} else {
h.Set("Cache-Control", "no-store")
directives = append(directives, "no-store")

// to remind users they are using non-prod setting.
// some users may be confused by "Cache-Control: no-store" in their setup if they did wrong to `RUN_MODE` in `app.ini`.
h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
h.Add("X-Gitea-Debug", "CacheControl=no-store")
}

directives = append(directives, additionalDirectives...)
h.Set("Cache-Control", strings.Join(directives, ", "))
}

// generateETag generates an ETag based on size, filename and file modification time
Expand All @@ -42,7 +47,7 @@ func HandleTimeCache(req *http.Request, w http.ResponseWriter, fi os.FileInfo) (

// HandleGenericTimeCache handles time-based caching for a HTTP request
func HandleGenericTimeCache(req *http.Request, w http.ResponseWriter, lastModified time.Time) (handled bool) {
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime, nil)

ifModifiedSince := req.Header.Get("If-Modified-Since")
if ifModifiedSince != "" {
Expand Down Expand Up @@ -73,7 +78,7 @@ func HandleGenericETagCache(req *http.Request, w http.ResponseWriter, etag strin
return true
}
}
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime, nil)
return false
}

Expand Down Expand Up @@ -117,6 +122,6 @@ func HandleGenericETagTimeCache(req *http.Request, w http.ResponseWriter, etag s
}
}
}
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
AddCacheControlToHeader(w.Header(), setting.StaticCacheTime, nil)
return false
}
2 changes: 2 additions & 0 deletions routers/install/routes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"net/http"
"path"

"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/public"
"code.gitea.io/gitea/modules/setting"
Expand Down Expand Up @@ -62,6 +63,7 @@ func installRecovery() func(next http.Handler) http.Handler {
"SignedUserName": "",
}

httpcache.AddCacheControlToHeader(w.Header(), 0, []string{"no-transform"})
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

if !setting.IsProd {
Expand Down
1 change: 1 addition & 0 deletions routers/web/base.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,7 @@ func Recovery() func(next http.Handler) http.Handler {
store["SignedUserName"] = ""
}

httpcache.AddCacheControlToHeader(w.Header(), 0, []string{"no-transform"})
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

if !setting.IsProd {
Expand Down
2 changes: 1 addition & 1 deletion routers/web/user/avatar.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ func cacheableRedirect(ctx *context.Context, location string) {
// here we should not use `setting.StaticCacheTime`, it is pretty long (default: 6 hours)
// we must make sure the redirection cache time is short enough, otherwise a user won't see the updated avatar in 6 hours
// it's OK to make the cache time short, it is only a redirection, and doesn't cost much to make a new request
httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 5*time.Minute)
httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 5*time.Minute, nil)
ctx.Redirect(location)
}

Expand Down