From b86dce69e9fbc3a153769b577e7ba1d8684979f6 Mon Sep 17 00:00:00 2001 From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com> Date: Thu, 29 Jun 2023 13:09:37 -0400 Subject: [PATCH] possible fix for #1705 --- src/server/handlers/security-handler.ts | 10 +++------- src/server/middleware.ts | 6 ++++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/src/server/handlers/security-handler.ts b/src/server/handlers/security-handler.ts index 0aed0cdc..c0f90fbd 100644 --- a/src/server/handlers/security-handler.ts +++ b/src/server/handlers/security-handler.ts @@ -5,13 +5,9 @@ export default async ({ res }: { res: Response }) => { res.send( `Contact: mailto:security@lemmy.ml - Contact: mailto:admin@` + - process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST + - ` - Contact: mailto:security@` + - process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST + - ` - Expires: 2024-01-01T04:59:00.000Z + Contact: mailto:admin@${process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST} + Contact: mailto:security@${process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST} + Expires: 2024-01-01T04:59:00.000Z ` ); }; diff --git a/src/server/middleware.ts b/src/server/middleware.ts index 9815e71e..b0ccbb96 100644 --- a/src/server/middleware.ts +++ b/src/server/middleware.ts @@ -18,7 +18,7 @@ export function setDefaultCsp({ // Set cache-control headers. If user is logged in, set `private` to prevent storing data in // shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching -// all responses for 60 seconds to reduce load on backend and database. The specific cache +// all responses for 5 seconds to reduce load on backend and database. The specific cache // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data). // // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control @@ -31,11 +31,13 @@ export function setCacheControl({ }) { const user = UserService.Instance; let caching: string; + if (user.auth()) { caching = "private"; } else { - caching = "public, max-age=60"; + caching = "public, max-age=5"; } + res.setHeader("Cache-Control", caching); next();