Fix ETag caching not being used for AJAX requests

Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix ETag caching not being used for AJAX requests
Signed-off-by: Rémy Coutable <remy@rymai.me>
d1933183 · Rémy Coutable · b0097199 · d1933183 · d1933183 · d1933183
Commit d1933183 authored Feb 19, 2019 by Rémy Coutable
3 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -43,7 +43,10 @@ class ApplicationController < ActionController::Base
    :git_import_enabled?, :gitlab_project_import_enabled?,
    :manifest_import_enabled?

+  # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
+  # concerns due to caching private data.
  DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store".freeze
+  DEFAULT_GITLAB_CONTROL_NO_CACHE = "#{DEFAULT_GITLAB_CACHE_CONTROL}, no-cache".freeze

  rescue_from Encoding::CompatibilityError do |exception|
    log_exception(exception)
@@ -235,9 +238,9 @@ class ApplicationController < ActionController::Base
  end

  def no_cache_headers
-    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
-    response.headers["Pragma"] = "no-cache"
-    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
+    headers['Cache-Control'] = DEFAULT_GITLAB_CONTROL_NO_CACHE
+    headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
+    headers['Expires'] = 'Fri, 01 Jan 1990 00:00:00 GMT'
  end

  def default_headers
@@ -247,10 +250,16 @@ class ApplicationController < ActionController::Base
    headers['X-Content-Type-Options'] = 'nosniff'

    if current_user
-      # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
-      # concerns due to caching private data.
-      headers['Cache-Control'] = DEFAULT_GITLAB_CACHE_CONTROL
-      headers["Pragma"] = "no-cache" # HTTP 1.0 compatibility
+      headers['Cache-Control'] = default_cache_control
+      headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
+    end
+  end
+
+  def default_cache_control
+    if request.xhr?
+      ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL
+    else
+      DEFAULT_GITLAB_CACHE_CONTROL
    end
  end


--- a/changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml
+++ b/changelogs/unreleased/57905-etag-caching-probably-broken-since-11-5-0.yml
+---
+title: Fix ETag caching not being used for AJAX requests
+merge_request: 25400
+author:
+type: fixed
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -665,6 +665,14 @@ describe ApplicationController do

        expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate, no-store'
      end
+
+      it 'does not set the "no-store" header for XHR requests' do
+        sign_in(user)
+
+        get :index, xhr: true
+
+        expect(response.headers['Cache-Control']).to eq 'max-age=0, private, must-revalidate'
+      end
    end
  end
 end