Appwrite/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite.git synced 2026-05-26 13:51:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3a5bb98b70528fe2be1bc5b409aa3de1bb9c8afe
appwrite/app/controllers/shared
T
History
loks0n 3a5bb98b70 refactor(cache): generalize content-type guard and gate bypass to privileged callers 
Addresses review feedback on the prior commit:

- The shared cache middleware should not hardcode `image/*`. Replace the
  inline content-type check with a generic `cache.contentType` route
  label (a prefix match). Each route that opts into caching now declares
  `->label('cache.contentType', 'image/')` alongside `->label('cache', true)`.
- A public `Cache-Control: no-cache` bypass is a DDoS vector on expensive
  pipelines (Imagick transforms, Chromium screenshots). Restrict the
  bypass to privileged callers — API keys, admin console, and other
  server-side contexts — so only trusted traffic can force-miss the cache.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 11:29:35 +01:00
..
api
refactor: convert User::isApp() and User::isPrivileged() from static to instance methods
2026-03-26 02:47:56 +00:00
api.php
refactor(cache): generalize content-type guard and gate bypass to privileged callers
2026-04-23 11:29:35 +01:00