API: Add auth token to vary header for caching proxies and CDNs #3931

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-16 16:42:21 +01:00 · 2024-01-16 16:42:21 +01:00 · da10b30fdf
commit da10b30fdf
parent c3b9b73d1d
2 changed files with 13 additions and 0 deletions
--- a/internal/server/security.go
+++ b/internal/server/security.go
@ -18,6 +18,9 @@ var Security = func(conf *config.Config) gin.HandlerFunc {
 			return
 		}

+		// Set vary header.
+		c.Header(header.Vary, header.DefaultVary)
+
 		// If permitted, set CORS headers (Cross-Origin Resource Sharing).
 		// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
 		if origin := conf.CORSOrigin(); origin != "" {
--- a/pkg/header/content.go
+++ b/pkg/header/content.go
@ -1,7 +1,11 @@
 package header

+import "strings"
+
+// Content header names.
 const (
 	Accept             = "Accept"
+	AcceptEncoding     = "Accept-Encoding"
 	AcceptRanges       = "Accept-Ranges"
 	ContentType        = "Content-Type"
 	ContentTypeForm    = "application/x-www-form-urlencoded"
@ -13,3 +17,9 @@ const (
 	Origin             = "Origin"
 	Vary               = "Vary"
 )
+
+// Content header defaults.
+var (
+	DefaultVaryHeaders = []string{XAuthToken, AcceptEncoding}
+	DefaultVary        = strings.Join(DefaultVaryHeaders, ", ")
+)