Send cache-control header for max-age=0, private

Some queries, like on `/your-outfits`, had the cache hint `max-age=0, private` set. In this case, our cache code sent no cache header, on the assumption that no header would result in no caching.

This was true on Vercel, but isn't true on our new Fastly setup! (Which makes sense; Vercel was a bit more aggressive here, I think.)

This was causing an arbitrary user's data to be cached by Fastly as the result for `/your-outfits`. (We found this bug before launching the Fastly cache though, don't worry! No actual user data leaked!)

Now, as of this change, the `/your-outfits` query correctly sends a header of `Cache-Control: max-age=0, private`. This directs Fastly not to cache the result.

To fix this, we made a change to our HTTP header code, which is forked from Apollo's stuff.
Emi Matchu 2021-11-16 12:34:11 -08:00
parent cadf7487af
commit b73e2e1123
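The failure mode the commit message describes, as an added illustration (not the project's code and not Apollo's): a minimal hint reducer with the pre-fix and post-fix policy logic side by side, plus the header writer that turns a policy into a `Cache-Control` value. The `CacheScope` object, the hint shape, the function names and the sample hints are constructed assumptions for this example.

```javascript
// Added example (not the project's or Apollo's code): reduce per-field cache
// hints to one overall policy, then render it as a Cache-Control header.
// CacheScope values, hint shapes, and the legacy/fixed pair are constructed.
const CacheScope = { Public: "PUBLIC", Private: "PRIVATE" };

// Fold a list of hints ({ maxAge?, scope? }) into the most restrictive one:
// the lowest max-age seen, and Private if any field asked for Private.
function reduceHints(hints) {
  let lowestMaxAge;
  let scope = CacheScope.Public;
  for (const hint of hints) {
    if (hint.maxAge !== undefined) {
      lowestMaxAge =
        lowestMaxAge === undefined ? hint.maxAge : Math.min(lowestMaxAge, hint.maxAge);
    }
    if (hint.scope === CacheScope.Private) scope = CacheScope.Private;
  }
  return { lowestMaxAge, scope };
}

// Pre-fix behaviour: a max-age of 0 is treated as "no policy", so the caller
// writes no header at all and the CDN falls back to its own default.
function legacyComputeOverallCachePolicy(hints) {
  const { lowestMaxAge, scope } = reduceHints(hints);
  return lowestMaxAge ? { maxAge: lowestMaxAge, scope } : undefined;
}

// Fixed behaviour: a non-public scope always yields a policy, even at
// max-age 0, so an explicit "max-age=0, private" header gets written.
function computeOverallCachePolicy(hints) {
  const { lowestMaxAge, scope } = reduceHints(hints);
  if (lowestMaxAge) {
    return { maxAge: lowestMaxAge, scope };
  } else if (scope !== CacheScope.Public) {
    return { maxAge: 0, scope };
  }
  return undefined;
}

// Render the policy as the header value, or undefined for "send no header".
function cacheControlHeader(policy) {
  if (!policy) return undefined;
  const scope = policy.scope === CacheScope.Private ? "private" : "public";
  return `max-age=${policy.maxAge}, ${scope}`;
}

// Constructed hints for a per-user query like /your-outfits.
const perUserHints = [{ maxAge: 0, scope: CacheScope.Private }];
console.log("legacy:", cacheControlHeader(legacyComputeOverallCachePolicy(perUserHints)));
console.log("fixed: ", cacheControlHeader(computeOverallCachePolicy(perUserHints)));
```

Run with `node`: the legacy path prints `undefined` (no header, so a shared cache such as Fastly is free to apply its default and store one user's response for everyone), while the fixed path prints `max-age=0, private`, which tells shared caches not to store the response. The general lesson is that "no header" is not a caching policy; every per-user response should carry an explicit directive rather than rely on whatever the CDN in front of it defaults to.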


@ -299,13 +299,24 @@ function computeOverallCachePolicy(
// If maxAge is 0, then we consider it uncacheable so it doesn't matter what
// the scope was.
return lowestMaxAge && lowestMaxAgePlusSWR // FORK
? {
if (lowestMaxAge && lowestMaxAgePlusSWR) {
return {
maxAge: lowestMaxAge,
staleWhileRevalidate: lowestMaxAgePlusSWR - lowestMaxAge, // FORK
scope,
};
} else if (scope !== CacheScope.Public) {
// TODO: It'd probably be a bit better to leave the ages unspecified if
// the hints didn't specify them, but I don't wanna mess with the
// header-writing code right now.
return {
maxAge: 0,
staleWhileRevalidate: 0,
scope,
};
} else {
return undefined;
}
: undefined;
}
function addHint(
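Review bot: The comment at the top of the hunk ("If maxAge is 0, then we consider it uncacheable so it doesn't matter what the scope was") is now inaccurate, since the new `else if (scope !== CacheScope.Public)` branch makes the scope matter exactly when the age is 0 by returning `{ maxAge: 0, staleWhileRevalidate: 0, scope }`; update it to describe the new behaviour. Two follow-ups worth a look: `lowestMaxAge && lowestMaxAgePlusSWR` still treats an explicit 0 as "unset", so a `max-age=0` hint with `Public` scope continues to return `undefined` and send no header, which is the same "no header means no caching" assumption this change corrects for the private case; and the fix would be easier to keep from regressing with a unit test asserting that a `max-age=0, private` hint yields a policy rather than `undefined`.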