38 lines
1.7 KiB
JavaScript
38 lines
1.7 KiB
JavaScript
|
/**
|
|||
|
|
* @param {import('express').Request} req
|
|||
|
|
* @param {import('express').Response} res
|
|||
|
|
* @returns Boolean
|
|||
|
|
*/
|
|||
|
|
module.exports.isReqResUserSpecific = (req, res) => {
|
|||
|
|
return req?.get('cookie')
|
|||
|
|
|| req?.get('authorization')
|
|||
|
|
|| res?.get('set-cookie');
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* Kitchen sink of Cache-Control header values used in Ghost
|
|||
|
|
*
|
|||
|
|
* Reference of value meanings (based on rfc9111 - https://httpwg.org/specs/rfc9111.html):
|
|||
|
|
*
|
|||
|
|
* 'no-cache' - The response MUST NOT be used to satisfy any other request without
|
|||
|
|
* forwarding it for validation and receiving a successful response.
|
|||
|
|
*
|
|||
|
|
* 'private' - Indicates that a shared cache MUST NOT store the response (i.e., the response
|
|||
|
|
* is intended for a single user).
|
|||
|
|
* In context of Ghost it means the header should only be used if there are
|
|||
|
|
* cookie or authorization headers set on the response, otherwise there’s no
|
|||
|
|
* “single user” intention.
|
|||
|
|
*
|
|||
|
|
* 'no-store' - A cache MUST NOT store any part of either the immediate request or the
|
|||
|
|
* response and MUST NOT use the response to satisfy any other request.
|
|||
|
|
*
|
|||
|
|
* 'must-revalidate'- Means that the response must not be reused without revalidation once it is stale.
|
|||
|
|
*
|
|||
|
|
*/
|
|||
|
|
module.exports.cacheControlValues = {
|
|||
|
|
// never cache a single bit in any type of cache
|
|||
|
|
private: 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0',
|
|||
|
|
// never cache except if it's a shared cache (lack of 'private' allows to do so)
|
|||
|
|
noCacheDynamic: 'no-cache, max-age=0, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
|
|||
|
|
};
|