github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 13:51:09 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Include the Vary:Accept header on all Accept-based responses (#14647)

Browse Source 
By default, Rails only includes the Vary:Accept header in responses when the Accept: header is included in the request. This means that proxies/browsers may cache a response to a request with a missing Accept header, and then later serve that cached version for a request which **does** supply the Accept header. This can lead to some very unexpected behavior in browsers.

This commit adds the Vary:Accept header for all requests, even if the Accept header is not present in the request. If a format parameter (e.g. `.json` suffix) is included in the path, then the Accept header is still omitted. (The format parameter takes precedence over any Accept: header, so the response is no longer varies based on the Accept header)
This commit is contained in:
David Taylor
2021-10-25 12:53:50 +01:00
committed by GitHub
parent cbd7898d1d
commit 9ac6f1d3bb
3 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/application_controller.rb
View File

@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
include GlobalPath
include Hijack
include ReadOnlyHeader
include VaryHeader
attr_reader :theme_id
@ -46,6 +47,7 @@ class ApplicationController < ActionController::Base
after_action :perform_refresh_session
after_action :dont_cache_page
after_action :conditionally_allow_site_embedding
after_action :ensure_vary_header
HONEYPOT_KEY ||= 'HONEYPOT_KEY'
CHALLENGE_KEY ||= 'CHALLENGE_KEY'