summaryrefslogtreecommitdiff
path: root/src/exchange/taler-exchange-httpd_keys.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/exchange/taler-exchange-httpd_keys.c')
-rw-r--r--src/exchange/taler-exchange-httpd_keys.c27
1 files changed, 9 insertions, 18 deletions
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index 05fb685e0..0ec28e950 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -2273,12 +2273,10 @@ setup_general_response_headers (void *cls,
MHD_add_response_header (response,
MHD_HTTP_HEADER_CONTENT_TYPE,
"application/json"));
- TALER_MHD_get_date_string (ksh->reload_time.abs_time,
- dat);
GNUNET_break (MHD_YES ==
MHD_add_response_header (response,
- MHD_HTTP_HEADER_LAST_MODIFIED,
- dat));
+ MHD_HTTP_HEADER_CACHE_CONTROL,
+ "public,must-revalidate,max-age=86400"));
if (! GNUNET_TIME_relative_is_zero (ksh->rekey_frequency))
{
struct GNUNET_TIME_Relative r;
@@ -2290,6 +2288,12 @@ setup_general_response_headers (void *cls,
r = GNUNET_TIME_relative_min (TEH_max_keys_caching,
ksh->rekey_frequency);
a = GNUNET_TIME_relative_to_absolute (r);
+ /* Round up to next full day to ensure the expiration
+ time does not become a fingerprint! */
+ a = GNUNET_TIME_absolute_round_down (a,
+ GNUNET_TIME_UNIT_DAYS);
+ a = GNUNET_TIME_absolute_add (a,
+ GNUNET_TIME_UNIT_DAYS);
km = GNUNET_TIME_absolute_to_timestamp (a);
we = GNUNET_TIME_absolute_to_timestamp (wire_state->cache_expiration);
m = GNUNET_TIME_timestamp_min (we,
@@ -2314,11 +2318,6 @@ setup_general_response_headers (void *cls,
MHD_add_response_header (response,
MHD_HTTP_HEADER_VARY,
MHD_HTTP_HEADER_ACCEPT_ENCODING));
- /* Information is always public, revalidate after 1 hour */
- GNUNET_break (MHD_YES ==
- MHD_add_response_header (response,
- MHD_HTTP_HEADER_CACHE_CONTROL,
- "public,max-age=3600"));
}
@@ -2596,6 +2595,7 @@ create_krd (struct TEH_KeyStateHandle *ksh,
GNUNET_assert (NULL != krd.response_uncompressed);
setup_general_response_headers (ksh,
krd.response_uncompressed);
+ /* Information is always public, revalidate after 1 day */
GNUNET_break (MHD_YES ==
MHD_add_response_header (krd.response_uncompressed,
MHD_HTTP_HEADER_ETAG,
@@ -2617,18 +2617,9 @@ create_krd (struct TEH_KeyStateHandle *ksh,
"deflate")) );
setup_general_response_headers (ksh,
krd.response_compressed);
- /* Set cache control headers: our response varies depending on these headers */
- GNUNET_break (MHD_YES ==
- MHD_add_response_header (krd.response_compressed,
- MHD_HTTP_HEADER_VARY,
- MHD_HTTP_HEADER_ACCEPT_ENCODING));
/* Information is always public, revalidate after 1 day */
GNUNET_break (MHD_YES ==
MHD_add_response_header (krd.response_compressed,
- MHD_HTTP_HEADER_CACHE_CONTROL,
- "public,max-age=86400"));
- GNUNET_break (MHD_YES ==
- MHD_add_response_header (krd.response_compressed,
MHD_HTTP_HEADER_ETAG,
etag));
krd.etag = GNUNET_strdup (etag);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-07 15:13:36 +0000