Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions modules/context/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,13 @@ import (
"net/http"
"net/url"
"strings"
"time"

"code.gitea.io/gitea/models/auth"
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web/middleware"
Expand Down Expand Up @@ -268,6 +270,7 @@ func APIContexter() func(http.Handler) http.Handler {
}
}

httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0*time.Second)
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

ctx.Data["Context"] = &ctx
Expand Down
2 changes: 2 additions & 0 deletions modules/context/context.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import (
"code.gitea.io/gitea/modules/base"
mc "code.gitea.io/gitea/modules/cache"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
Expand Down Expand Up @@ -767,6 +768,7 @@ func Contexter() func(next http.Handler) http.Handler {
}
}

httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0*time.Second)
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

ctx.Data["CsrfToken"] = ctx.csrf.GetToken()
Expand Down
6 changes: 3 additions & 3 deletions modules/httpcache/httpcache.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@ import (
// AddCacheControlToHeader adds suitable cache-control headers to response
func AddCacheControlToHeader(h http.Header, d time.Duration) {
if setting.IsProd {
h.Set("Cache-Control", "private, max-age="+strconv.Itoa(int(d.Seconds())))
h.Set("Cache-Control", "private, no-transform, max-age="+strconv.Itoa(int(d.Seconds())))
} else {
h.Set("Cache-Control", "no-store")
h.Set("Cache-Control", "no-store, no-transform")
// to remind users they are using non-prod setting.
// some users may be confused by "Cache-Control: no-store" in their setup if they did wrong to `RUN_MODE` in `app.ini`.
h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
h.Add("X-Gitea-Debug", "CacheControl=no-store")
h.Add("X-Gitea-Debug", "CacheControl=no-store, no-transform")
}
}

Expand Down
3 changes: 3 additions & 0 deletions routers/install/routes.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ import (
"fmt"
"net/http"
"path"
"time"

"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/public"
"code.gitea.io/gitea/modules/setting"
Expand Down Expand Up @@ -62,6 +64,7 @@ func installRecovery() func(next http.Handler) http.Handler {
"SignedUserName": "",
}

httpcache.AddCacheControlToHeader(w.Header(), 0*time.Second)
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

if !setting.IsProd {
Expand Down
2 changes: 2 additions & 0 deletions routers/web/base.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"os"
"path"
"strings"
"time"

"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/httpcache"
Expand Down Expand Up @@ -158,6 +159,7 @@ func Recovery() func(next http.Handler) http.Handler {
store["SignedUserName"] = ""
}

httpcache.AddCacheControlToHeader(w.Header(), 0*time.Second)
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

if !setting.IsProd {
Expand Down