`no-transform` allegedly disables CloudFlare auto-minify and we did not set caching headers on html or api requests, which seems good to have regardless. Transformation is still allowed for asset requests. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
e930d66a9c
commit
2fe0dab2d5
5 changed files with 19 additions and 5 deletions
|
@ -16,6 +16,7 @@ import (
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
"code.gitea.io/gitea/modules/cache"
|
"code.gitea.io/gitea/modules/cache"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
|
"code.gitea.io/gitea/modules/httpcache"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/web/middleware"
|
"code.gitea.io/gitea/modules/web/middleware"
|
||||||
|
@ -268,6 +269,7 @@ func APIContexter() func(http.Handler) http.Handler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
|
||||||
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||||
|
|
||||||
ctx.Data["Context"] = &ctx
|
ctx.Data["Context"] = &ctx
|
||||||
|
|
|
@ -28,6 +28,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
mc "code.gitea.io/gitea/modules/cache"
|
mc "code.gitea.io/gitea/modules/cache"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
|
"code.gitea.io/gitea/modules/httpcache"
|
||||||
"code.gitea.io/gitea/modules/json"
|
"code.gitea.io/gitea/modules/json"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
@ -767,6 +768,7 @@ func Contexter() func(next http.Handler) http.Handler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
|
||||||
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||||
|
|
||||||
ctx.Data["CsrfToken"] = ctx.csrf.GetToken()
|
ctx.Data["CsrfToken"] = ctx.csrf.GetToken()
|
||||||
|
|
|
@ -17,16 +17,23 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// AddCacheControlToHeader adds suitable cache-control headers to response
|
// AddCacheControlToHeader adds suitable cache-control headers to response
|
||||||
func AddCacheControlToHeader(h http.Header, d time.Duration) {
|
func AddCacheControlToHeader(h http.Header, maxAge time.Duration, additionalDirectives ...string) {
|
||||||
|
directives := make([]string, 0, 2+len(additionalDirectives))
|
||||||
|
|
||||||
if setting.IsProd {
|
if setting.IsProd {
|
||||||
h.Set("Cache-Control", "private, max-age="+strconv.Itoa(int(d.Seconds())))
|
if maxAge == 0 {
|
||||||
|
directives = append(directives, "no-store")
|
||||||
|
} else {
|
||||||
|
directives = append(directives, "private", "max-age="+strconv.Itoa(int(maxAge.Seconds())))
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
h.Set("Cache-Control", "no-store")
|
directives = append(directives, "no-store")
|
||||||
|
|
||||||
// to remind users they are using non-prod setting.
|
// to remind users they are using non-prod setting.
|
||||||
// some users may be confused by "Cache-Control: no-store" in their setup if they did wrong to `RUN_MODE` in `app.ini`.
|
|
||||||
h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
|
h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
|
||||||
h.Add("X-Gitea-Debug", "CacheControl=no-store")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
h.Set("Cache-Control", strings.Join(append(directives, additionalDirectives...), ", "))
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateETag generates an ETag based on size, filename and file modification time
|
// generateETag generates an ETag based on size, filename and file modification time
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"path"
|
"path"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/httpcache"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/public"
|
"code.gitea.io/gitea/modules/public"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
@ -62,6 +63,7 @@ func installRecovery() func(next http.Handler) http.Handler {
|
||||||
"SignedUserName": "",
|
"SignedUserName": "",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpcache.AddCacheControlToHeader(w.Header(), 0, "no-transform")
|
||||||
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||||
|
|
||||||
if !setting.IsProd {
|
if !setting.IsProd {
|
||||||
|
|
|
@ -158,6 +158,7 @@ func Recovery() func(next http.Handler) http.Handler {
|
||||||
store["SignedUserName"] = ""
|
store["SignedUserName"] = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpcache.AddCacheControlToHeader(w.Header(), 0, "no-transform")
|
||||||
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||||
|
|
||||||
if !setting.IsProd {
|
if !setting.IsProd {
|
||||||
|
|
Reference in a new issue