bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-02-04 03:25:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Fix Vary parsing in cache control enforcement (#37426)

Browse source
This commit is contained in:
Joshua Rogers 2026-01-10 03:21:18 +11:00 committed by Claire
parent 57f658dc5c
commit f7b6e57151
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/concerns/cache_concern.rb
View file

@ -19,7 +19,7 @@ module CacheConcern
# from being used as cache keys, while allowing to `Vary` on them (to not serve # from being used as cache keys, while allowing to `Vary` on them (to not serve
# anonymous cached data to authenticated requests when authentication matters) # anonymous cached data to authenticated requests when authentication matters)
def enforce_cache_control! def enforce_cache_control!
vary = response.headers['Vary']&.split&.map { |x| x.strip.downcase } vary = response.headers['Vary'].to_s.split(',').map { |x| x.strip.downcase }.reject(&:empty?)
return unless vary.present? && %w(cookie authorization signature).any? { |header| vary.include?(header) && request.headers[header].present? } return unless vary.present? && %w(cookie authorization signature).any? { |header| vary.include?(header) && request.headers[header].present? }
response.cache_control.replace(private: true, no_store: true) response.cache_control.replace(private: true, no_store: true)