Return cacheable responses from SecuritytxtController

Created on 15 May 2025, 18 days ago

Problem/Motivation

Currently, both the ::securitytxtFile() and the ::securitytxtSignature() methods for the SecuritytxtController controller return uncacheable Response objects, which results in a Cache-Control header value of must-revalidate, no-cache, private. The results in unnecessary requests bootstrapping at origin.

Steps to reproduce

Load /.well-known/security.txt.
Observe the Cache-Control header.

Proposed resolution

Return a CacheableResponse object instead.

The TTL of both the /.well-known/security.txt and /.well-known/security.txt.sig files need to be kept in sync to prevent a cached-induced mismatch. The two files are interdependent and so are their cache invalidations. Proposal: Set the max-age equal to the policy expires timestamp minus the request timestamp.

Remaining tasks

Open MR
Community review

User interface changes

None.

API changes

None.

Data model changes

None.

✨ Feature request

Status

Active

Version

1.0

Component

Code

Created by

🇺🇸United States Chris Burge

Live updates comments and jobs are added and updated live.

Merge Requests

!15Return cacheable responses from SecuritytxtController
Open
🇺🇸United States Chris Burge
updated 18 days ago

Comments & Activities

Issue created by @Chris Burge
Merge request !15Return cacheable responses from SecuritytxtController → (Open) created by Chris Burge
Pipeline finished with Success
18 days ago
Total: 169s
#498318
Comment 18 days ago →
🇺🇸United States Chris Burge

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

Return cacheable responses from SecuritytxtController

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Merge Requests

!15Return cacheable responses from SecuritytxtControllerOpen

Comments & Activities

!15Return cacheable responses from SecuritytxtController
Open