Make sure private toots remain private and do not end up in HTTP caches (#6175)

This commit is contained in:
ThibG 2018-01-04 14:39:38 +01:00 committed by Eugen Rochko
parent 89daeb43a8
commit 3bee0996c5
2 changed files with 4 additions and 3 deletions

View file

@ -124,6 +124,7 @@ class ApplicationController < ActionController::Base
def render_cached_json(cache_key, **options) def render_cached_json(cache_key, **options)
options[:expires_in] ||= 3.minutes options[:expires_in] ||= 3.minutes
options[:public] ||= true
cache_key = cache_key.join(':') if cache_key.is_a?(Enumerable) cache_key = cache_key.join(':') if cache_key.is_a?(Enumerable)
content_type = options.delete(:content_type) || 'application/json' content_type = options.delete(:content_type) || 'application/json'
@ -131,7 +132,7 @@ class ApplicationController < ActionController::Base
yield.to_json yield.to_json
end end
expires_in options[:expires_in], public: true expires_in options[:expires_in], public: options[:public]
render json: data, content_type: content_type render json: data, content_type: content_type
end end

View file

@ -24,7 +24,7 @@ class StatusesController < ApplicationController
format.json do format.json do
skip_session! unless @stream_entry.hidden? skip_session! unless @stream_entry.hidden?
render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json') do render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter) ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)
end end
end end
@ -34,7 +34,7 @@ class StatusesController < ApplicationController
def activity def activity
skip_session! skip_session!
render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json') do render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter) ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)
end end
end end