API: Add auth token to vary header for caching proxies and CDNs #3931
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
parent
c3b9b73d1d
commit
da10b30fdf
2 changed files with 13 additions and 0 deletions
|
|
@ -18,6 +18,9 @@ var Security = func(conf *config.Config) gin.HandlerFunc {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set vary header.
|
||||||
|
c.Header(header.Vary, header.DefaultVary)
|
||||||
|
|
||||||
// If permitted, set CORS headers (Cross-Origin Resource Sharing).
|
// If permitted, set CORS headers (Cross-Origin Resource Sharing).
|
||||||
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
||||||
if origin := conf.CORSOrigin(); origin != "" {
|
if origin := conf.CORSOrigin(); origin != "" {
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,11 @@
|
||||||
package header
|
package header
|
||||||
|
|
||||||
|
import "strings"
|
||||||
|
|
||||||
|
// Content header names.
|
||||||
const (
|
const (
|
||||||
Accept = "Accept"
|
Accept = "Accept"
|
||||||
|
AcceptEncoding = "Accept-Encoding"
|
||||||
AcceptRanges = "Accept-Ranges"
|
AcceptRanges = "Accept-Ranges"
|
||||||
ContentType = "Content-Type"
|
ContentType = "Content-Type"
|
||||||
ContentTypeForm = "application/x-www-form-urlencoded"
|
ContentTypeForm = "application/x-www-form-urlencoded"
|
||||||
|
|
@ -13,3 +17,9 @@ const (
|
||||||
Origin = "Origin"
|
Origin = "Origin"
|
||||||
Vary = "Vary"
|
Vary = "Vary"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Content header defaults.
|
||||||
|
var (
|
||||||
|
DefaultVaryHeaders = []string{XAuthToken, AcceptEncoding}
|
||||||
|
DefaultVary = strings.Join(DefaultVaryHeaders, ", ")
|
||||||
|
)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue