diff options
Diffstat (limited to 'src/exchange/taler-exchange-httpd_keys.c')
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 05fb685e0..0ec28e950 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -2273,12 +2273,10 @@ setup_general_response_headers (void *cls, MHD_add_response_header (response, MHD_HTTP_HEADER_CONTENT_TYPE, "application/json")); - TALER_MHD_get_date_string (ksh->reload_time.abs_time, - dat); GNUNET_break (MHD_YES == MHD_add_response_header (response, - MHD_HTTP_HEADER_LAST_MODIFIED, - dat)); + MHD_HTTP_HEADER_CACHE_CONTROL, + "public,must-revalidate,max-age=86400")); if (! GNUNET_TIME_relative_is_zero (ksh->rekey_frequency)) { struct GNUNET_TIME_Relative r; @@ -2290,6 +2288,12 @@ setup_general_response_headers (void *cls, r = GNUNET_TIME_relative_min (TEH_max_keys_caching, ksh->rekey_frequency); a = GNUNET_TIME_relative_to_absolute (r); + /* Round up to next full day to ensure the expiration + time does not become a fingerprint! */ + a = GNUNET_TIME_absolute_round_down (a, + GNUNET_TIME_UNIT_DAYS); + a = GNUNET_TIME_absolute_add (a, + GNUNET_TIME_UNIT_DAYS); km = GNUNET_TIME_absolute_to_timestamp (a); we = GNUNET_TIME_absolute_to_timestamp (wire_state->cache_expiration); m = GNUNET_TIME_timestamp_min (we, @@ -2314,11 +2318,6 @@ setup_general_response_headers (void *cls, MHD_add_response_header (response, MHD_HTTP_HEADER_VARY, MHD_HTTP_HEADER_ACCEPT_ENCODING)); - /* Information is always public, revalidate after 1 hour */ - GNUNET_break (MHD_YES == - MHD_add_response_header (response, - MHD_HTTP_HEADER_CACHE_CONTROL, - "public,max-age=3600")); } @@ -2596,6 +2595,7 @@ create_krd (struct TEH_KeyStateHandle *ksh, GNUNET_assert (NULL != krd.response_uncompressed); setup_general_response_headers (ksh, krd.response_uncompressed); + /* Information is always public, revalidate after 1 day */ GNUNET_break (MHD_YES == MHD_add_response_header (krd.response_uncompressed, MHD_HTTP_HEADER_ETAG, @@ -2617,18 +2617,9 @@ create_krd (struct TEH_KeyStateHandle *ksh, "deflate")) ); setup_general_response_headers (ksh, krd.response_compressed); - /* Set cache control headers: our response varies depending on these headers */ - GNUNET_break (MHD_YES == - MHD_add_response_header (krd.response_compressed, - MHD_HTTP_HEADER_VARY, - MHD_HTTP_HEADER_ACCEPT_ENCODING)); /* Information is always public, revalidate after 1 day */ GNUNET_break (MHD_YES == MHD_add_response_header (krd.response_compressed, - MHD_HTTP_HEADER_CACHE_CONTROL, - "public,max-age=86400")); - GNUNET_break (MHD_YES == - MHD_add_response_header (krd.response_compressed, MHD_HTTP_HEADER_ETAG, etag)); krd.etag = GNUNET_strdup (etag); |