Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Cache_Control private header to server responses #3131

Merged
merged 2 commits into from
Feb 7, 2025
Merged

Add Cache_Control private header to server responses #3131

merged 2 commits into from
Feb 7, 2025

Conversation

MonkeyDo
Copy link
Member

We have seen issues where it seems that a user's cookies are sent to the wrong user, making it appear like you are logged into another user's account. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#private_caches as well as https://stackoverflow.com/a/26813182

I created this branch months ago and promptly forgot about it entirely.
Now I anm cleaning old branches, here we are :)

@MonkeyDo
Add Cache_Control private header to server responses
7830fa3 
We have seen issues where it seems that a user's cookies are sent to the wrong user, making it appear like you are logged into another user's account.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#private_caches as well as  https://stackoverflow.com/a/26813182
@pep8speaks
Copy link

pep8speaks commented Jan 17, 2025
edited
Loading

Hello @MonkeyDo! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:

There are currently no PEP 8 issues detected in this Pull Request. Cheers! 🍻

Comment last updated at 2025-01-17 12:22:11 UTC

@MonkeyDo MonkeyDo requested a review from amCap1712 January 17, 2025 12:21
@MonkeyDo MonkeyDo requested a review from mayhem January 23, 2025 12:19
@mayhem
Copy link
Member

mayhem commented Jan 23, 2025

Seems sensical, but I dont understand caching well enough. I think we should have @amCap1712 also look at this.

@MonkeyDo
Copy link
Member Author

MonkeyDo commented Feb 5, 2025

Quick ping to @amCap1712

amCap1712
amCap1712 approved these changes Feb 5, 2025
View reviewed changes
Copy link
Member

@amCap1712 amCap1712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should add this for only responses that require authorization, like that determine the user based on the auth token in the request header but it's fine to do that later.

@MonkeyDo MonkeyDo merged commit 2c00f30 into master Feb 7, 2025
2 checks passed
@MonkeyDo MonkeyDo deleted the private-cache-response branch February 7, 2025 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amCap1712 amCap1712 amCap1712 approved these changes

@mayhem mayhem Awaiting requested review from mayhem

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MonkeyDo @pep8speaks @mayhem @amCap1712