1 files changed, 9 insertions, 2 deletions

diff --git a/src/mhd/mhd_legal.c b/src/mhd/mhd_legal.c
index 5a600953e..8353a6901 100644
--- a/src/mhd/mhd_legal.c
+++ b/src/mhd/mhd_legal.c
@@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-  Copyright (C) 2019, 2020, 2022 Taler Systems SA
+  Copyright (C) 2019, 2020, 2022, 2024 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Affero General Public License as published by the Free Software
@@ -131,6 +131,7 @@ mime_matches (const char *accept_pattern,
   if ( (NULL == da) ||
        (NULL == dm) )
     return (0 == strcmp ("*", accept_pattern));
+  // FIXME: use TALER_MHD_check_accept() here!
   /* FIXME: eventually, we might want to parse the "q=$FLOAT"
      part after the ';' and figure out which one is the
      best/preferred match instead of returning a boolean... */
@@ -187,6 +188,12 @@ TALER_MHD_reply_legal (struct MHD_Connection *conn,
 
   a = GNUNET_TIME_relative_to_absolute (MAX_TERMS_CACHING);
   m = GNUNET_TIME_absolute_to_timestamp (a);
+  /* Round up to next full day to ensure the expiration
+     time does not become a fingerprint! */
+  a = GNUNET_TIME_absolute_round_down (a,
+                                       MAX_TERMS_CACHING);
+  a = GNUNET_TIME_absolute_add (a,
+                                MAX_TERMS_CACHING);
   TALER_MHD_get_date_string (m.abs_time,
                              dat);
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -351,7 +358,7 @@ TALER_MHD_reply_legal (struct MHD_Connection *conn,
   GNUNET_break (MHD_YES ==
                 MHD_add_response_header (resp,
                                          MHD_HTTP_HEADER_CACHE_CONTROL,
-                                         "public max-age=864000"));
+                                         "public,max-age=864000"));
   if (NULL != legal)
     GNUNET_break (MHD_YES ==
                   MHD_add_response_header (resp,