Closed Bug 1227293 Opened 9 years ago Closed 8 years ago

API responses are cached

Categories

(Participation Infrastructure :: Phonebook, defect)

Product:
Participation Infrastructure
Component:
Phonebook
Version:
2016-2.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jonasfj, Assigned: nemo-yiannis)

References

Details

On a oneoff dyno inside heroku (EC2) I can trivially show that API results
are cached.

Please, add header:
  cache-control: private, max-age=0, no-cache

Really do also allow API keys to be sent via 'authentication' header,
that way this would never have been an issue. There is many good reasons
to use 'authentication', notably most caches and proxies does the right thing.
Like don't cache and don't log the contents of that header to anywhere. 

See also bug 1216799.
Blocks: 1225569
Commits pushed to master at https://github.com/mozilla/mozillians

https://github.com/mozilla/mozillians/commit/0ec09f394b95baf1e548460d91fb1f9d428c9103
[Fix bug 1227293] Do not cache API v2 responses.

https://github.com/mozilla/mozillians/commit/9340e9e915974cee09bb9a8d9809d3c0c24f2e08
Merge pull request #1289 from johngian/1227293

[Fix bug 1227293] Do not cache API v2 responses.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Version: other → next
Assignee: nobody → jgiannelos
Although there is a cache-control header, it has max-age=0 which is different from no-cache. Since the API reflects any changes in the profiles immediately and the never_cache decorator [0] in Django adds the 'no-cache' and 'no-store' in version 1.8, which is already in a PR [1], I am marking this bug as verified.

[0] https://code.djangoproject.com/ticket/13008
[1] https://github.com/mozilla/mozillians/pull/1315
Status: RESOLVED → VERIFIED
Version: next → 2016-2.1
You need to log in before you can comment on or make changes to this bug.