Commit 2582d57a, authored by Smriti Garg

Merge branch 'dbiryukov_add_response_headers_to_jwks_mr-374001' into 'master'

...@@ -2,6 +2,10 @@ ...@@ -2,6 +2,10 @@
class JwksController < Doorkeeper::OpenidConnect::DiscoveryController class JwksController < Doorkeeper::OpenidConnect::DiscoveryController
def index def index
if ::Feature.enabled?(:cache_control_headers_for_openid_jwks)
expires_in 24.hours, public: true, must_revalidate: true, 'no-transform': true
end
render json: { keys: payload } render json: { keys: payload }
end end
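Review bot: the `expires_in 24.hours, public: true, ...` call in `index` lets shared caches and clients keep a JWKS response for a full day, and nothing in this hunk says how that interacts with signing-key rotation or removal. `must_revalidate: true` only takes effect once the cached copy is stale, so a relying party can keep trusting a removed key, or miss a newly added one, for up to 24 hours. Please add a comment next to the `expires_in` call stating the rotation assumption this relies on (for example, that a new key is published at least 24 hours before it signs tokens and a retired key stays published for as long afterwards), or justify 24 hours against a shorter `max-age`.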
......
---
name: cache_control_headers_for_openid_jwks
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138405
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/433360
milestone: '16.7'
type: development
group: group::pipeline security
default_enabled: false
\ No newline at end of file
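Review bot: the flag definition ends without a trailing newline (`\ No newline at end of file` right after `default_enabled: false`). Add the newline so that a later edit appending a key to this file does not also show the `default_enabled: false` line as changed.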
...@@ -55,5 +55,26 @@ ...@@ -55,5 +55,26 @@
end end
end end
end end
it 'has cache control header' do
get jwks_url
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['Cache-Control']).to include('max-age=86400', 'public', 'must-revalidate', 'no-transform')
end
context 'when cache_control_headers_for_openid_jwks feature flag is disabled' do
before do
stub_feature_flags(cache_control_headers_for_openid_jwks: false)
end
it 'does not have cache control header' do
get jwks_url
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['Cache-Control']).not_to include('max-age=86400', 'public',
'no-transform')
end
end
end end
end end
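Review bot: the disabled-flag example is titled 'does not have cache control header', but its assertion only checks that `'max-age=86400'`, `'public'` and `'no-transform'` are absent, and it drops `'must-revalidate'`, which the enabled-flag example does check. A response that still carries some other `Cache-Control` value passes this test, so the title overstates what is verified. Either assert on the exact header value expected when the flag is off, or rename the example and add a short comment explaining why `'must-revalidate'` is left out of the negated list.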