Enhancement: Requests should never be cached by the browser.
This commit is contained in:
Rolf Schmidt
Thorsten Eckel
parent
2236cd0367
commit
deaac071cb
|
|
@ -3,7 +3,7 @@ module ApplicationController::SetsHeaders
|
|||
|
||||
included do
|
||||
before_action :cors_preflight_check
|
||||
after_action :set_access_control_headers
|
||||
after_action :set_access_control_headers, :set_cache_control_headers
|
||||
end
|
||||
|
||||
private
|
||||
|
|
@ -22,6 +22,15 @@ module ApplicationController::SetsHeaders
|
|||
headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Accept-Language'
|
||||
end
|
||||
|
||||
def set_cache_control_headers
|
||||
|
||||
# by default http cache is disabled
|
||||
# expires_now function only sets no-cache so we handle the headers by our own.
|
||||
headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
|
||||
headers['Pragma'] = 'no-cache'
|
||||
headers['Expires'] = '-1'
|
||||
end
|
||||
|
||||
# If this is a preflight OPTIONS request, then short-circuit the
|
||||
# request, return only the necessary headers and return an empty
|
||||
# text/plain.
|
||||
|
|
|
|||
|
|
@ -39,6 +39,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/sessions', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(json_response).to be_a_kind_of(Hash)
|
||||
expect(json_response).to be_truthy
|
||||
end
|
||||
|
|
@ -57,6 +60,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/tickets', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(json_response).to be_a_kind_of(Array)
|
||||
expect(json_response).to be_truthy
|
||||
end
|
||||
|
|
@ -75,6 +81,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/tickets', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(json_response).to be_a_kind_of(Array)
|
||||
expect(json_response).to be_truthy
|
||||
end
|
||||
|
|
@ -104,6 +113,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/sessions', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
|
||||
expect(json_response).to be_a_kind_of(Hash)
|
||||
expect(json_response).to be_truthy
|
||||
|
|
@ -251,6 +263,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/tickets', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(json_response).to be_a_kind_of(Array)
|
||||
expect(json_response).to be_truthy
|
||||
|
||||
|
|
@ -286,6 +301,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
Setting.set('api_token_access', true)
|
||||
get '/api/v1/tickets', params: {}, as: :json
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(json_response).to be_a_kind_of(Array)
|
||||
expect(json_response).to be_truthy
|
||||
|
|
@ -370,6 +388,9 @@ RSpec.describe 'Api Auth', type: :request do
|
|||
get '/api/v1/tickets', params: {}, as: :json
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response.header['Access-Control-Allow-Origin']).to eq('*')
|
||||
expect(response.header['Cache-Control']).to match(/no-cache, no-store/)
|
||||
expect(response.header['Pragma']).to eq('no-cache')
|
||||
expect(response.header['Expires']).to eq('-1')
|
||||
expect(json_response).to be_a_kind_of(Array)
|
||||
expect(json_response).to be_truthy
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue