From: Gidi Kroon <Gidi@gidikroon.eu>
Date: Sun, 25 Jun 2023 01:22:41 +0000 (+0200)
Subject: Add Vary header in case of content negotiation
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=6a5266c6b8a2a5324fe3f1543ec63230e4d1f16d;p=friendica.git

Add Vary header in case of content negotiation

Sometimes we return different content depending on whether JSON, XML or
HTML was requested in the Accept request header. The Vary response
header should list that header in these cases, to allow caching
frameworks to determine what to cache.
---

diff --git a/src/Module/ActivityPub/Objects.php b/src/Module/ActivityPub/Objects.php
index 34d4609511..2d5862a1c4 100644
--- a/src/Module/ActivityPub/Objects.php
+++ b/src/Module/ActivityPub/Objects.php
@@ -130,6 +130,8 @@ class Objects extends BaseModule
 		// Relaxed CORS header for public items
 		header('Access-Control-Allow-Origin: *');
 
+		header('Vary: Accept', false);
+
 		System::jsonExit($data, 'application/activity+json');
 	}
 }
diff --git a/src/Module/Friendica.php b/src/Module/Friendica.php
index 90869878e4..739078763f 100644
--- a/src/Module/Friendica.php
+++ b/src/Module/Friendica.php
@@ -90,6 +90,8 @@ class Friendica extends BaseModule
 			$blocked = null;
 		}
 
+		header('Vary: Accept', false);
+
 		$hooked = '';
 
 		Hook::callAll('about_hook', $hooked);
@@ -125,6 +127,7 @@ class Friendica extends BaseModule
 				$data = ActivityPub\Transmitter::getProfile(0);
 				header('Access-Control-Allow-Origin: *');
 				header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
+				header('Vary: Accept', false);
 				System::jsonExit($data, 'application/activity+json');
 			} catch (HTTPException\NotFoundException $e) {
 				System::jsonError(404, ['error' => 'Record not found']);
diff --git a/src/Module/Item/Display.php b/src/Module/Item/Display.php
index b2ed43c5b5..54e55de2fc 100644
--- a/src/Module/Item/Display.php
+++ b/src/Module/Item/Display.php
@@ -162,6 +162,8 @@ class Display extends BaseModule
 
 		$output .= $this->getDisplayData($item);
 
+		header('Vary: Accept', false);
+
 		return $output;
 	}
 
diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php
index 5e5028cb86..b8f16656eb 100644
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@@ -87,6 +87,7 @@ class Profile extends BaseProfile
 					$data = ActivityPub\Transmitter::getProfile($user['uid']);
 					header('Access-Control-Allow-Origin: *');
 					header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
+					header('Vary: Accept', false);
 					System::jsonExit($data, 'application/activity+json');
 				} catch (HTTPException\NotFoundException $e) {
 					System::jsonError(404, ['error' => 'Record not found']);
@@ -103,6 +104,8 @@ class Profile extends BaseProfile
 				System::jsonError(404, []);
 			}
 		}
+
+		header('Vary: Accept', false);
 	}
 
 	protected function content(array $request = []): string
diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index 6a4c0e860d..71a3d37a9e 100644
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -152,6 +152,7 @@ class Xrd extends BaseModule
 			]
 		];
 		header('Access-Control-Allow-Origin: *');
+		header('Vary: Accept', false);
 		System::jsonExit($json, 'application/jrd+json; charset=utf-8');
 	}
 
@@ -229,6 +230,7 @@ class Xrd extends BaseModule
 		];
 
 		header('Access-Control-Allow-Origin: *');
+		header('Vary: Accept', false);
 		System::jsonExit($json, 'application/jrd+json; charset=utf-8');
 	}
 
@@ -326,7 +328,7 @@ class Xrd extends BaseModule
 		]);
 
 		header('Access-Control-Allow-Origin: *');
-
+		header('Vary: Accept', false);
 		System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
 	}
 }