Add Cache-Control headers to all JSON APIs

It is especially important that sync requests don't get cached, as if a sync returns the same token given then the client will call sync with the same parameters again. If the previous response was cached it will get reused, resulting in the client tight looping making the same request and never making any progress. In general, clients will expect to get up to date data when requesting APIs, and so its safer to do a blanket no cache policy than only whitelisting APIs that we know will break things if they get cached.
author: Erik Johnston <erik@matrix.org> 2018-03-21 17:46:26 +0000
committer: Erik Johnston <erik@matrix.org> 2018-03-21 17:46:26 +0000
commit: 1c41b05c8c98f0b9157c791b5b8ebf5f9fe85acf (patch)
tree: 1c02e6fe77ddd5a596668743852fe5610f2a25e7 /synapse
parent: Merge pull request #3015 from matrix-org/erikj/simplejson_replication (diff)
download: synapse-1c41b05c8c98f0b9157c791b5b8ebf5f9fe85acf.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 1551db239d..f19c068ef6 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -488,6 +488,7 @@ def respond_with_json_bytes(request, code, json_bytes, send_cors=False,
     request.setHeader(b"Content-Type", b"application/json")
     request.setHeader(b"Server", version_string)
     request.setHeader(b"Content-Length", b"%d" % (len(json_bytes),))
+    request.setHeader(b"Cache-Control", b"no-cache, no-store, must-revalidate")
 
     if send_cors:
         set_cors_headers(request)
author	Erik Johnston <erik@matrix.org>	2018-03-21 17:46:26 +0000
committer	Erik Johnston <erik@matrix.org>	2018-03-21 17:46:26 +0000
commit	1c41b05c8c98f0b9157c791b5b8ebf5f9fe85acf (patch)
tree	1c02e6fe77ddd5a596668743852fe5610f2a25e7 /synapse
parent	Merge pull request #3015 from matrix-org/erikj/simplejson_replication (diff)
download	synapse-1c41b05c8c98f0b9157c791b5b8ebf5f9fe85acf.tar.xz