Do not cache uploads for six months by default

Setting a long-term cache header works fine when not using object storage, or when using object storage with proxy_download enabled. When using object storage _without_ proxy_download, we send a redirect that's cached for six months to a signed URL in object storage, but the signed URL only works for ten minutes. So once those ten minutes are up, the browser will keep following the (cached) redirect to a dead link. In future, we could be more sophisticated by setting the TTL based on the settings we're using. For now, just set this back to the pre-12.4 state of not caching content for longer than 5 minutes.

Do not cache uploads for six months by default
Setting a long-term cache header works fine when not using object storage, or when using object storage with proxy_download enabled. When using object storage _without_ proxy_download, we send a redirect that's cached for six months to a signed URL in object storage, but the signed URL only works for ten minutes. So once those ten minutes are up, the browser will keep following the (cached) redirect to a dead link. In future, we could be more sophisticated by setting the TTL based on the settings we're using. For now, just set this back to the pre-12.4 state of not caching content for longer than 5 minutes.
676d7ec6 · Sean McGivern · 51d5357b · 676d7ec6 · 676d7ec6 · 676d7ec6
Commit 676d7ec6 authored Nov 01, 2019 by Sean McGivern
3 changed files
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -34,7 +34,7 @@ module UploadsActions
    headers['Pragma'] = ''
    ttl, directives = *cache_settings
-    ttl ||= 6.months
+    ttl ||= 0
    directives ||= { private: true, must_revalidate: true }
    expires_in ttl, directives

--- a/changelogs/unreleased/35337-images-stopped-loading-signed-urls-of-uploads-expire-earlier-than-r.yml
+++ b/changelogs/unreleased/35337-images-stopped-loading-signed-urls-of-uploads-expire-earlier-than-r.yml
+---
+title: Disable upload HTTP caching to fix case when object storage is enabled and
+  proxy_download is disabled
+merge_request: 19494
+author:
+type: fixed
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -7,9 +7,9 @@ shared_examples 'content 5 min private cached with revalidation' do
  end
 end
-shared_examples 'content long term private cached with revalidation' do
+shared_examples 'content not cached' do
  it 'ensures content will not be cached without revalidation' do
-    expect(subject['Cache-Control']).to eq('max-age=15778476, private, must-revalidate')
+    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
  end
 end
@@ -490,7 +490,7 @@ describe UploadsController do
            expect(response).to have_gitlab_http_status(200)
          end
-          it_behaves_like 'content long term private cached with revalidation' do
+          it_behaves_like 'content not cached' do
            subject do
              get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
@@ -510,7 +510,7 @@ describe UploadsController do
            expect(response).to have_gitlab_http_status(200)
          end
-          it_behaves_like 'content long term private cached with revalidation' do
+          it_behaves_like 'content not cached' do
            subject do
              get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
@@ -563,7 +563,7 @@ describe UploadsController do
                expect(response).to have_gitlab_http_status(200)
              end
-              it_behaves_like 'content long term private cached with revalidation' do
+              it_behaves_like 'content not cached' do
                subject do
                  get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }