Commit f7cd5fd7 authored by Pawel Chojnacki's avatar Pawel Chojnacki

Ensure mutable uploads are not cached without revalidation

parent 29b59456
...@@ -14,6 +14,8 @@ class UploadsController < ApplicationController ...@@ -14,6 +14,8 @@ class UploadsController < ApplicationController
end end
disposition = uploader.image? ? 'inline' : 'attachment' disposition = uploader.image? ? 'inline' : 'attachment'
expires_in 0.seconds, must_revalidate: true, private: true
send_file uploader.file.path, disposition: disposition send_file uploader.file.path, disposition: disposition
end end
......
---
title: Uploaded files which content can change now require revalidation on each page load
merge_request: 9453
author:
require 'spec_helper' require 'spec_helper'
shared_examples 'content not cached without revalidation' do
it 'ensures content will not be cached without revalidation' do
expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
end
end
describe UploadsController do describe UploadsController do
let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
...@@ -50,6 +55,13 @@ describe UploadsController do ...@@ -50,6 +55,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -59,6 +71,13 @@ describe UploadsController do ...@@ -59,6 +71,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -76,6 +95,13 @@ describe UploadsController do ...@@ -76,6 +95,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
response
end
end
end end
context "when signed in" do context "when signed in" do
...@@ -88,6 +114,13 @@ describe UploadsController do ...@@ -88,6 +114,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -133,6 +166,13 @@ describe UploadsController do ...@@ -133,6 +166,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -157,6 +197,13 @@ describe UploadsController do ...@@ -157,6 +197,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
response
end
end
end end
context "when signed in" do context "when signed in" do
...@@ -169,6 +216,13 @@ describe UploadsController do ...@@ -169,6 +216,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -205,6 +259,13 @@ describe UploadsController do ...@@ -205,6 +259,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -234,6 +295,13 @@ describe UploadsController do ...@@ -234,6 +295,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
response
end
end
end end
context "when signed in" do context "when signed in" do
...@@ -246,6 +314,13 @@ describe UploadsController do ...@@ -246,6 +314,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
response
end
end
end end
end end
...@@ -291,6 +366,13 @@ describe UploadsController do ...@@ -291,6 +366,13 @@ describe UploadsController do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it_behaves_like 'content not cached without revalidation' do
subject do
get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
response
end
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment