API: Change how Cache-Control and related headers are set (#62021)

- change Cache-Control from no-cache to no-store
- do not set (and remove if set) older Pragma/Expires
Kyle Brandt
2023-01-25 09:09:27 -05:00
committed by GitHub
parent 0d7e303809
commit 13de1afcbe
2 changed files with 10 additions and 10 deletions


@@ -69,9 +69,9 @@ func addSecurityHeaders(w web.ResponseWriter, cfg *setting.Cfg) {
}
func addNoCacheHeaders(w web.ResponseWriter) {
w.Header().Set("Cache-Control", "no-cache")
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Expires", "-1")
w.Header().Set("Cache-Control", "no-store")
w.Header().Del("Pragma")
w.Header().Del("Expires")
}
func addXFrameOptionsDenyHeader(w web.ResponseWriter) {
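Review bot: addNoCacheHeaders has no doc comment, and its name still says "no-cache" although it now sends `no-store`, so the intent of the stricter directive is easy to lose in a later cleanup. I would add something like `// addNoCacheHeaders sets Cache-Control: no-store so that neither browsers nor intermediaries keep a copy of the response, and drops the legacy Pragma/Expires headers so they cannot contradict it.` Note also that the two `Del` calls only remove values already on the writer when this function runs. A handler that sets `Pragma` or `Expires` afterwards would still send them; whether any such handler exists is not visible from this hunk.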


@@ -128,7 +128,7 @@ func TestMiddleWareContentSecurityPolicyHeaders(t *testing.T) {
}
func TestMiddlewareContext(t *testing.T) {
const noCache = "no-cache"
const noStore = "no-store"
configureJWTAuthHeader := func(cfg *setting.Cfg) {
cfg.JWTAuthEnabled = true
@@ -147,9 +147,9 @@ func TestMiddlewareContext(t *testing.T) {
middlewareScenario(t, "middleware should add Cache-Control header for requests to API", func(t *testing.T, sc *scenarioContext) {
sc.fakeReq("GET", "/api/search").exec()
assert.Equal(t, noCache, sc.resp.Header().Get("Cache-Control"))
assert.Equal(t, noCache, sc.resp.Header().Get("Pragma"))
assert.Equal(t, "-1", sc.resp.Header().Get("Expires"))
assert.Equal(t, noStore, sc.resp.Header().Get("Cache-Control"))
assert.Empty(t, sc.resp.Header().Get("Pragma"))
assert.Empty(t, sc.resp.Header().Get("Expires"))
})
middlewareScenario(t, "middleware should not add Cache-Control header for requests to datasource proxy API", func(
@@ -175,9 +175,9 @@ func TestMiddlewareContext(t *testing.T) {
}
sc.fakeReq("GET", "/").exec()
require.Equal(t, 200, sc.resp.Code)
assert.Equal(t, noCache, sc.resp.Header().Get("Cache-Control"))
assert.Equal(t, noCache, sc.resp.Header().Get("Pragma"))
assert.Equal(t, "-1", sc.resp.Header().Get("Expires"))
assert.Equal(t, noStore, sc.resp.Header().Get("Cache-Control"))
assert.Empty(t, sc.resp.Header().Get("Pragma"))
assert.Empty(t, sc.resp.Header().Get("Expires"))
})
middlewareScenario(t, "middleware should add X-Frame-Options header with deny for request when not allowing embedding", func(
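Review bot: The new `assert.Empty` checks on Pragma and Expires in the two changed scenarios of TestMiddlewareContext do not cover the "remove if set" half of the commit message. As far as these hunks show, nothing sets those headers before the middleware runs, so the assertions would also pass if the `Del` calls were missing. A scenario that sets `Pragma` and `Expires` on the response first and then asserts they are gone would pin that behaviour. `Header().Get` also returns "" both for an absent header and for one sent with an empty value, so `assert.NotContains(t, sc.resp.Header(), "Pragma")` (and the same for "Expires") states the intent more precisely. The body of TestMiddlewareContext extends beyond the visible hunks.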