mastodon/app/controllers/auth
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
..
challenges_controller.rb
confirmations_controller.rb Fix confirmation redirect to app without Location header (#18523) 2022-05-26 22:03:54 +02:00
omniauth_callbacks_controller.rb Fix crash when external auth provider has no display_name set (#19962) 2022-11-07 15:43:24 +01:00
passwords_controller.rb Fix reviving revoked sessions and invalidating login (#16943) 2021-11-06 00:13:58 +01:00
registrations_controller.rb Add 'private' to Cache-Control, match Rails expectations (#20608) 2022-11-16 04:56:30 +01:00
sessions_controller.rb Fix suspicious sign-in mails never being sent (#18599) 2022-06-21 15:16:22 +02:00
setup_controller.rb