    Allow 'private, no-store' Cache-Control header · 6a0d6bee
    Alex Smith authored
    https://github.com/rails/rails/pull/39461 changed the `no-store`
    directive for the `Cache-Control` header to be exclusive, i.e. when
    setting `Cache-Control` to `private, no-store`, this is simplified to
    just `no-store`. `private` should typically be superfluous there, but
    it's not always.
    
    For instance, Fastly "does not currently respect no-store or no-cache
    directives" and says that "if you need to prevent caching by both Fastly
    and web browsers, we recommend combining the private directive with
    max-age=0 or no-store".
    
    https://docs.fastly.com/en/guides/configuring-caching#do-not-cache
    
    Since it's not possible to override this directive reduction behaviour,
    the changes in #39461 prevent Fastly users from upgrading Rails.
    
    This changes the behaviour to allow setting a 'private, no-store' header
    when private is specified - similar to how 'public' can be specified
    when 'no-cache' is, but not as a default.
    
    Fixes https://github.com/rails/rails/issues/40798
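
The reduction described in the commit message, as an added example that is not part of the commit and not Rails source: a simplified model of the two behaviours, plus a check derived from the Fastly guidance quoted above. The method names and the hash shape are assumptions, and other directives (max-age, must-revalidate, extras) are left out.

```ruby
# Simplified model of the Cache-Control directive reduction described in the
# commit message. Not Rails source: method names and hash keys are assumptions.

# Behaviour after rails/rails#39461: no-store is exclusive and drops private.
def reduce_exclusive(control)
  return "no-store" if control[:no_store]
  if control[:no_cache]
    return [("public" if control[:public]), "no-cache"].compact.join(", ")
  end
  control[:public] ? "public" : "private"
end

# Behaviour the commit message describes: private is kept next to no-store
# when the caller asked for it, but is not added as a default.
def reduce_allowing_private(control)
  if control[:no_store]
    return [("private" if control[:private]), "no-store"].compact.join(", ")
  end
  reduce_exclusive(control)
end

# Check taken from the Fastly guidance quoted on the page: private combined
# with max-age=0 or no-store keeps the response out of Fastly and browsers.
def blocks_fastly_and_browsers?(header)
  directives = header.to_s.downcase.split(",").map(&:strip)
  directives.include?("private") &&
    (directives.include?("no-store") || directives.include?("max-age=0"))
end

# Run the same requested directives through both reductions and the check.
def compare(control)
  before = reduce_exclusive(control)
  after = reduce_allowing_private(control)
  { before: before, before_ok: blocks_fastly_and_browsers?(before),
    after: after, after_ok: blocks_fastly_and_browsers?(after) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: what a controller might request.
  p compare(private: true, no_store: true)
  p compare(no_store: true)
end
```

The second call shows the "not as a default" case: without an explicit private, both reductions emit a bare `no-store`, which the check flags as insufficient for a Fastly-fronted response.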