Commit graph

4 commits

Author SHA1 Message Date
Daniel Axtens
e61dc520ae Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
Eugen Rochko
403aeeb7e0 Refactor settings controllers (#14767)
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
2020-09-11 20:56:35 +02:00
Eugen Rochko
49b6881379 Fix settings pages being cacheable by the browser (#12714)
Fix #12255
2019-12-30 04:38:30 +01:00
ysksn
8996de49df Create Settings::BaseController (#9507)
Define `Settings::BaseController#set_body_classes` so that sub classes
inherit `Settings::BaseController` don't need to define
`#set_body_classes` agein.
2018-12-12 22:32:13 +01:00