Updated HTTP 1.1 header and session destroy

c825124b · Tim Zallmann · 450bcb19 · c825124b · c825124b
Commit c825124b authored Dec 06, 2021 by Tim Zallmann
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 4 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -3

app/controllers/sessions_controller.rb app/controllers/sessions_controller.rb +1 -1

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -279,9 +279,7 @@ class ApplicationController < ActionController::Base
  end

  def default_cache_headers
-    if current_user
-      headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
-    end
+    headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
  end

  def stream_csv_headers(csv_filename)

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -84,7 +84,7 @@ class SessionsController < Devise::SessionsController
  end

  def destroy
-    headers['Clear-Site-Data'] = '"cache"'
+    headers['Clear-Site-Data'] = '"*"'

    Gitlab::AppLogger.info("User Logout: username=#{current_user.username} ip=#{request.remote_ip}")
    super