Add Vary header in case of content negotiation

Sometimes we return different content depending on whether JSON, XML or
HTML was requested in the Accept request header. The Vary response
header should list that header in these cases, to allow caching
frameworks to determine what to cache.

diff --git a/src/Module/ActivityPub/Objects.php b/src/Module/ActivityPub/Objects.php
index 34d4609511447a577b32b413badac788dd331ed6..2d5862a1c4aeca22b7c1703df1dfcf7e431c4ced 100644 (file)
--- a/src/Module/ActivityPub/Objects.php
+++ b/src/Module/ActivityPub/Objects.php
@@ -130,6 +130,8 @@ class Objects extends BaseModule
                // Relaxed CORS header for public items
                header('Access-Control-Allow-Origin: *');
 
+               header('Vary: Accept', false);
+
                System::jsonExit($data, 'application/activity+json');
        }
 }

diff --git a/src/Module/Friendica.php b/src/Module/Friendica.php
index 90869878e47b131e32aab5c784a00902496419ac..739078763fd5d6e9286f85ce0d9a80c5939c8ab0 100644 (file)
--- a/src/Module/Friendica.php
+++ b/src/Module/Friendica.php
@@ -90,6 +90,8 @@ class Friendica extends BaseModule
                        $blocked = null;
                }
 
+               header('Vary: Accept', false);
+
                $hooked = '';
 
                Hook::callAll('about_hook', $hooked);
@@ -125,6 +127,7 @@ class Friendica extends BaseModule
                                $data = ActivityPub\Transmitter::getProfile(0);
                                header('Access-Control-Allow-Origin: *');
                                header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
+                               header('Vary: Accept', false);
                                System::jsonExit($data, 'application/activity+json');
                        } catch (HTTPException\NotFoundException $e) {
                                System::jsonError(404, ['error' => 'Record not found']);

diff --git a/src/Module/Item/Display.php b/src/Module/Item/Display.php
index b2ed43c5b51d707125818e8b68aadbada5c6958f..54e55de2fc3db8fcb5a1e29bce6c708ed5c2cd6b 100644 (file)
--- a/src/Module/Item/Display.php
+++ b/src/Module/Item/Display.php
@@ -162,6 +162,8 @@ class Display extends BaseModule
 
                $output .= $this->getDisplayData($item);
 
+               header('Vary: Accept', false);
+
                return $output;
        }
 

diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php
index 5e5028cb865f76c50a20b73162ce6f5378dae1d1..b8f16656ebd4ff00b276f65ca1c98df585c858c8 100644 (file)
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@@ -87,6 +87,7 @@ class Profile extends BaseProfile
                                        $data = ActivityPub\Transmitter::getProfile($user['uid']);
                                        header('Access-Control-Allow-Origin: *');
                                        header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
+                                       header('Vary: Accept', false);
                                        System::jsonExit($data, 'application/activity+json');
                                } catch (HTTPException\NotFoundException $e) {
                                        System::jsonError(404, ['error' => 'Record not found']);
@@ -103,6 +104,8 @@ class Profile extends BaseProfile
                                System::jsonError(404, []);
                        }
                }
+
+               header('Vary: Accept', false);
        }
 
        protected function content(array $request = []): string

diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index 6a4c0e860d31be4c12b07e005074a705d3647ba8..71a3d37a9e996e81e34710055fd60f526d1abdb2 100644 (file)
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -152,6 +152,7 @@ class Xrd extends BaseModule
                        ]
                ];
                header('Access-Control-Allow-Origin: *');
+               header('Vary: Accept', false);
                System::jsonExit($json, 'application/jrd+json; charset=utf-8');
        }
 
@@ -229,6 +230,7 @@ class Xrd extends BaseModule
                ];
 
                header('Access-Control-Allow-Origin: *');
+               header('Vary: Accept', false);
                System::jsonExit($json, 'application/jrd+json; charset=utf-8');
        }
 
@@ -326,7 +328,7 @@ class Xrd extends BaseModule
                ]);
 
                header('Access-Control-Allow-Origin: *');
-
+               header('Vary: Accept', false);
                System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
        }
 }