mirror of
https://github.com/immich-app/immich.git
synced 2025-01-13 15:35:15 +02:00
fix(server): use private cache (#3017)
The omission of additional cache-control directives implied the resource could be stored in shared/public caches, which is not desirable. In addition, the no-transform directive will ensure content is not unintentionally mangled. Fixes: #3014
This commit is contained in:
parent
fbd98ec0f9
commit
e5908f2508
@ -162,7 +162,7 @@ export class AssetController {
|
|||||||
|
|
||||||
@SharedLinkRoute()
|
@SharedLinkRoute()
|
||||||
@Get('/file/:id')
|
@Get('/file/:id')
|
||||||
@Header('Cache-Control', 'max-age=31536000')
|
@Header('Cache-Control', 'private, max-age=86400, no-transform')
|
||||||
@ApiOkResponse({ content: { 'application/octet-stream': { schema: { type: 'string', format: 'binary' } } } })
|
@ApiOkResponse({ content: { 'application/octet-stream': { schema: { type: 'string', format: 'binary' } } } })
|
||||||
serveFile(
|
serveFile(
|
||||||
@AuthUser() authUser: AuthUserDto,
|
@AuthUser() authUser: AuthUserDto,
|
||||||
@ -176,7 +176,7 @@ export class AssetController {
|
|||||||
|
|
||||||
@SharedLinkRoute()
|
@SharedLinkRoute()
|
||||||
@Get('/thumbnail/:id')
|
@Get('/thumbnail/:id')
|
||||||
@Header('Cache-Control', 'max-age=31536000')
|
@Header('Cache-Control', 'private, max-age=86400, no-transform')
|
||||||
@ApiOkResponse({ content: { 'application/octet-stream': { schema: { type: 'string', format: 'binary' } } } })
|
@ApiOkResponse({ content: { 'application/octet-stream': { schema: { type: 'string', format: 'binary' } } } })
|
||||||
getAssetThumbnail(
|
getAssetThumbnail(
|
||||||
@AuthUser() authUser: AuthUserDto,
|
@AuthUser() authUser: AuthUserDto,
|
||||||
|
@ -98,7 +98,7 @@ export class UserController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Get('/profile-image/:userId')
|
@Get('/profile-image/:userId')
|
||||||
@Header('Cache-Control', 'max-age=600')
|
@Header('Cache-Control', 'private, max-age=86400, no-transform')
|
||||||
async getProfileImage(@Param() { userId }: UserIdDto, @Response({ passthrough: true }) res: Res): Promise<any> {
|
async getProfileImage(@Param() { userId }: UserIdDto, @Response({ passthrough: true }) res: Res): Promise<any> {
|
||||||
const readableStream = await this.service.getUserProfileImage(userId);
|
const readableStream = await this.service.getUserProfileImage(userId);
|
||||||
res.header('Content-Type', 'image/jpeg');
|
res.header('Content-Type', 'image/jpeg');
|
||||||
|
Loading…
Reference in New Issue
Block a user