From 0004705fc7bdb326210d802aa6cf59934f088d30 Mon Sep 17 00:00:00 2001
From: Sebastien DUMETZ <s.dumetz@holusion.com>
Date: Wed, 12 Jun 2024 14:51:05 +0200
Subject: [PATCH] stricter cache-control directives. fix #42

---
 source/server/routes/api/v1/index.ts      |  2 +-
 source/server/routes/api/v1/scenes/get.ts |  2 +-
 source/server/routes/scenes/index.ts      |  3 ++-
 source/server/server.ts                   | 15 +++++----------
 4 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/source/server/routes/api/v1/index.ts b/source/server/routes/api/v1/index.ts
index 0cd5193d..9af7e346 100644
--- a/source/server/routes/api/v1/index.ts
+++ b/source/server/routes/api/v1/index.ts
@@ -36,7 +36,7 @@ const router = Router();
  */
 router.use((req, res, next)=>{
   //Browser should always make the request
-  res.set("Cache-Control", "max-age=0, must-revalidate");
+  res.set("Cache-Control", "no-cache");
   next();
 });
 
diff --git a/source/server/routes/api/v1/scenes/get.ts b/source/server/routes/api/v1/scenes/get.ts
index 2dba8251..893e8479 100644
--- a/source/server/routes/api/v1/scenes/get.ts
+++ b/source/server/routes/api/v1/scenes/get.ts
@@ -77,7 +77,7 @@ export default async function getScenes(req :Request, res :Response){
     if(lastModified < mtime) lastModified = mtime;
   }
 
-  res.append("Cache-Control", "private");
+  res.set("Cache-Control", "no-cache, private");
   res.set("ETag", "W/"+eTag.digest("base64url"));
   res.set("Last-Modified", new Date(lastModified).toUTCString());
   if( req.fresh){
diff --git a/source/server/routes/scenes/index.ts b/source/server/routes/scenes/index.ts
index e96be76f..2e8dbb95 100644
--- a/source/server/routes/scenes/index.ts
+++ b/source/server/routes/scenes/index.ts
@@ -22,7 +22,8 @@ const router = Router();
  * Settings can be changed individually further down the line
  */
 router.use((req, res, next)=>{
-  res.set("Cache-Control", "max-age=0, must-revalidate");
+  res.set("Access-Control-Allow-Origin", "*");
+  res.set("Cache-Control", "no-cache, private");
   next();
 });
 
diff --git a/source/server/server.ts b/source/server/server.ts
index 4021f515..35b74042 100644
--- a/source/server/server.ts
+++ b/source/server/server.ts
@@ -95,20 +95,15 @@ export default async function createServer(config = defaultConfig) :Promise<expr
   /**
    * Set permissive cache-control for ui pages
    */
-  app.use(["/ui", "/js", "/css", "/doc", "/language"], (req, res, next)=>{
+  app.use("/ui", (req :express.Request, res:express.Response, next)=>{
     res.set("Cache-Control", `max-age=${30*60}, public`);
     next();
   });
-  /**
-   * Set even more permissive cache-control for static assets
-   */
-  app.use(["/images", "/fonts", "/favicon.png"], (req, res, next)=>{
-    res.set("Cache-Control", `max-age=${60*60*24*30*12}, public`);
-    next();
-  });
-  
+
+  //Ideally we would like a really long cache time for /dist but it requires unique filenames for each build
   //Allow CORS for assets that might get embedded
-  app.use(["/dist", "/scenes"], (req, res, next)=>{
+  app.use("/dist", (req, res, next)=>{
+    res.set("Cache-Control", `max-age=${30*60}, public`);
     res.set("Access-Control-Allow-Origin", "*");
     next();
   });