add vary header to honor authorization header when caching

2018-03-06 12:46:38 +01:00 · 2018-03-06 12:46:38 +01:00 · b0eacb2a79
commit b0eacb2a79
parent 39bd6694f2
2 changed files with 2 additions and 0 deletions
--- a/lib/cartodb/middleware/context/apikey-credentials.js
+++ b/lib/cartodb/middleware/context/apikey-credentials.js
@ -5,6 +5,7 @@ module.exports = function apikeyToken () {
        const apikeyCredentials = getApikeyCredentialsFromRequest(req);
        res.locals.api_key = apikeyCredentials.token;
        res.locals.apikeyUsername = apikeyCredentials.username;
+        res.set('vary', 'Authorization'); //Honor Authorization header when caching. 
        return next();
    };
 };
--- a/test/acceptance/cache/cache_headers.js
+++ b/test/acceptance/cache/cache_headers.js
@ -155,6 +155,7 @@ describe('get requests with cache headers', function() {

            assert.ok(res.headers['x-cache-channel']);
            assert.ok(res.headers['surrogate-key']);
+            assert.ok(res.headers['vary'] === 'Authorization');
            if (expectedCacheHeaders) {
                validateXChannelHeaders(res.headers, expectedCacheHeaders);
                assert.equal(res.headers['surrogate-key'], expectedCacheHeaders.surrogate_keys);