Closed Bug 1910092 Opened 1 year ago Closed 11 months ago

Add Vary: Auth-Token header in APITokenAuthenticationMiddleware

Categories

(Tecken :: General, task, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: sven, Assigned: sven)

References

(Blocks 1 open bug)

Attachments

(1 file)

We are currently setting "Cache-Control: no-store" in nginx, which essentially prevents all caching. In GCP we will no longer add the Cache-Control header in nginx. To make any potential client-side caching of Tecken's responses to auth-token authenticated requests behave correctly, we should set "Vary: Auth-Token" on all responses to requests that include an auth token.

Assignee: nobody → sven
Blocks: 1687804
Priority: -- → P2
Assignee: sven → nobody

This was deployed to production with the tag v2024.09.12. When testing this in production, the response contains two Vary headers:

Vary: Accept-Encoding
Vary: Auth-Token

It looks like the first one is added by nginx, possibly for the gzip encoding (though I wasn't able to reproduce the behaviour locally). I think it's fine to have two Vary headers, so I'll call this fixed.

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
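
The effect of the header on a cache, and why the two Vary field lines seen in production behave like one combined list, shown as an added example (not Tecken's code, not part of the original bug). The cache model, URL path, token values and bodies are constructed for illustration.

```python
# Added example: minimal model of how an HTTP cache applies Vary.
# Header names come from the bug; URL, tokens and bodies are constructed.

def vary_fields(response_headers):
    """Merge all Vary field lines into one set of lower-cased names.

    response_headers is a list of (name, value) pairs so that repeated
    field lines, like the two Vary headers in the bug, are preserved.
    """
    names = set()
    for name, value in response_headers:
        if name.lower() == "vary":
            names.update(v.strip().lower() for v in value.split(",") if v.strip())
    return names


class TinyCache:
    """Reuses a stored response only if the request headers named by Vary match."""

    def __init__(self):
        self._entries = {}  # url -> list of (selected request headers, body)

    @staticmethod
    def _select(request_headers, names):
        lowered = {k.lower(): v for k, v in request_headers.items()}
        return {n: lowered.get(n) for n in names}

    def store(self, url, request_headers, response_headers, body):
        names = vary_fields(response_headers)
        if "*" in names:
            return  # "Vary: *" never matches a later request, so skip it
        selected = self._select(request_headers, names)
        self._entries.setdefault(url, []).append((selected, body))

    def lookup(self, url, request_headers):
        for selected, body in self._entries.get(url, []):
            if self._select(request_headers, selected) == selected:
                return body
        return None  # miss: the request has to go to the server


def serve_second_user(response_headers):
    """Cache user A's response, then look up the same URL for user B."""
    cache = TinyCache()
    url = "/example/resource"  # constructed path
    a = {"Auth-Token": "token-A", "Accept-Encoding": "gzip"}
    b = {"Auth-Token": "token-B", "Accept-Encoding": "gzip"}
    cache.store(url, a, response_headers, "data for A")
    return cache.lookup(url, b)
```

With only `Vary: Accept-Encoding`, the second token holder is handed the first one's cached body; with `Auth-Token` listed, on its own line or in a combined list, the lookup misses.
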