Set proper Cache-Control headers everywhere #42

Open
opened 2020-07-28 17:00:27 +00:00 by phryk · 0 comments
phryk commented 2020-07-28 17:00:27 +00:00 (Migrated from rnd.phryk.net)

I'd thought I'd done this already, but apparently only for theme resources and robots.txt.

Everything needs to have "public" enabled (at least optionally) for the httpd
to do proper caching so that not every single request gets processed by poobrains itself, which would make a DDoS or an outage due to lots of requests to expensive endpoints pretty easy to happen. This should most definitely be considered a bug.

config already contains 'CACHE_SHORT' which is used exactly nowhere.
It should apply to all non-Administerable Renderables.

Administerable should get an extra BooleanField to activate public caching (default=False).

I'd thought I'd done this already, but apparently only for theme resources and robots.txt. **Everything** needs to have "public" enabled (at least optionally) for the httpd to do proper caching so that not every single request gets processed by poobrains itself, which would make a DDoS or an outage due to lots of requests to expensive endpoints pretty easy to happen. This should most definitely be considered a bug. config already contains 'CACHE_SHORT' which is used exactly nowhere. It should apply to all non-`Administerable` `Renderable`s. `Administerable` should get an extra `BooleanField` to activate public caching (default=False).
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: phryk-evil-mad-sciences-llc/poobrains#42
No description provided.