Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add Cache-Control "no-store" to all dynamically generated content #39550

Merged
merged 1 commit into from
May 10, 2024
Merged

Add Cache-Control "no-store" to all dynamically generated content #39550

merged 1 commit into from
May 10, 2024

Conversation

potiuk
Copy link
Member

@potiuk potiuk commented May 10, 2024

This one prevents accidental storing of dynamic content containing potentially sensitive data in cache. The way we implemented it, we check if the response already contains "Cache-Control" - if it does then it means that this is a static content with default cache control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in newsfragments.

@potiuk
Add Cache-Control "no-store" to all dynamically generated content
738c432 
This one prevents accidental storing of dynamic content containing
potentially sensitive data in cache. The way we implemented it, we
check if the response already contains "Cache-Control" - if it does
then it means that this is a static content with default cache
control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).
@boring-cyborg boring-cyborg bot added the area:webserver Webserver related Issues label May 10, 2024
@potiuk potiuk added this to the Airflow 2.9.2 milestone May 10, 2024
@potiuk
Copy link
Member Author

potiuk commented May 10, 2024

Dynamic content:

image

Static content:

image

@potiuk potiuk merged commit 94eb647 into apache:main May 10, 2024
39 checks passed
@potiuk potiuk deleted the add-cache-control-headers branch May 10, 2024 17:54
pateash pushed a commit to pateash/airflow that referenced this pull request May 13, 2024
@potiuk @pateash
Add Cache-Control "no-store" to all dynamically generated content (ap…
ce920df 
…ache#39550)

This one prevents accidental storing of dynamic content containing
potentially sensitive data in cache. The way we implemented it, we
check if the response already contains "Cache-Control" - if it does
then it means that this is a static content with default cache
control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).
@utkarsharma2 utkarsharma2 added the type:improvement Changelog: Improvements label Jun 3, 2024
ephraimbuddy pushed a commit that referenced this pull request Jun 4, 2024
@potiuk @ephraimbuddy
Add Cache-Control "no-store" to all dynamically generated content (#3…
5b58fae 
…9550)

This one prevents accidental storing of dynamic content containing
potentially sensitive data in cache. The way we implemented it, we
check if the response already contains "Cache-Control" - if it does
then it means that this is a static content with default cache
control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).

(cherry picked from commit 94eb647)
@utkarsharma2 utkarsharma2 added type:bug-fix Changelog: Bug Fixes and removed type:improvement Changelog: Improvements labels Jun 4, 2024
utkarsharma2 pushed a commit that referenced this pull request Jun 5, 2024
@potiuk @utkarsharma2
Add Cache-Control "no-store" to all dynamically generated content (#3…
0920ae9 
…9550)

This one prevents accidental storing of dynamic content containing
potentially sensitive data in cache. The way we implemented it, we
check if the response already contains "Cache-Control" - if it does
then it means that this is a static content with default cache
control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).

(cherry picked from commit 94eb647)
@utkarsharma2 utkarsharma2 mentioned this pull request Jun 6, 2024
Closed
41 tasks
@GoVulnBot GoVulnBot mentioned this pull request Jun 14, 2024
Closed
romsharon98 pushed a commit to romsharon98/airflow that referenced this pull request Jul 26, 2024
@potiuk @romsharon98
Add Cache-Control "no-store" to all dynamically generated content (ap…
8037097 
…ache#39550)

This one prevents accidental storing of dynamic content containing
potentially sensitive data in cache. The way we implemented it, we
check if the response already contains "Cache-Control" - if it does
then it means that this is a static content with default cache
control set by SEND_FILE_MAX_AGE_DEFAULT setting (43200 by default).
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@hussein-awala hussein-awala hussein-awala approved these changes

@ryanahamilton ryanahamilton Awaiting requested review from ryanahamilton ryanahamilton is a code owner

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@bbovenzi bbovenzi Awaiting requested review from bbovenzi bbovenzi is a code owner

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun pierrejeambrun is a code owner

@jedcunningham jedcunningham Awaiting requested review from jedcunningham

@jscheffl jscheffl Awaiting requested review from jscheffl jscheffl is a code owner

Assignees
No one assigned
Labels
area:webserver Webserver related Issues type:bug-fix Changelog: Bug Fixes
Projects
None yet
Milestone
Airflow 2.9.2
Development

Successfully merging this pull request may close these issues.
3 participants
@potiuk @hussein-awala @utkarsharma2