From 497aed39483f0853280bbb7e1ca50f8d4d3e28e0 Mon Sep 17 00:00:00 2001
From: "Mark A. Hershberger" <mah@everybody.org>
Date: Tue, 3 Mar 2015 17:17:58 -0500
Subject: [PATCH] Browser should clear cache for API responses

By default we send "private, must-revalidate, max-age=0" for regular
logged-in wiki viewing.  This changes API responses to match.

Later, someone should update the Cache-Control header generation so
that it works the same for API responses as it does for OutputPage.
This is becoming more important since we're using the API instead of
OutputPage for editing with VisualEditor.

Bug: T74480
Change-Id: Ib309df8568de2c7137b6d13b9ca4004150a772dd
---
 includes/api/ApiMain.php | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index d5cd475a5f..9dc2411849 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -658,8 +658,24 @@ class ApiMain extends ApiBase {
 			$out->addVaryHeader( 'X-Forwarded-Proto' );
 		}
 
+		// The logic should be:
+		// $this->mCacheControl['max-age'] is set?
+		//    Use it, the module knows better than our guess.
+		// !$this->mModule || $this->mModule->isWriteMode(), and mCacheMode is private?
+		//    Use 0 because we can guess caching is probably the wrong thing to do.
+		// Use $this->getParameter( 'maxage' ), which already defaults to 0.
+		$maxage = 0;
+		if ( isset( $this->mCacheControl['max-age'] ) ) {
+			$maxage = $this->mCacheControl['max-age'];
+		} elseif ( ( $this->mModule && !$this->mModule->isWriteMode() ) ||
+			$this->mCacheMode !== 'private'
+		) {
+			$maxage = $this->getParameter( 'maxage' );
+		}
+		$privateCache = 'private, must-revalidate, max-age=' . $maxage;
+
 		if ( $this->mCacheMode == 'private' ) {
-			$response->header( 'Cache-Control: private' );
+			$response->header( "Cache-Control: $privateCache" );
 			return;
 		}
 
@@ -671,14 +687,14 @@ class ApiMain extends ApiBase {
 				$response->header( $out->getXVO() );
 				if ( $out->haveCacheVaryCookies() ) {
 					// Logged in, mark this request private
-					$response->header( 'Cache-Control: private' );
+					$response->header( "Cache-Control: $privateCache" );
 					return;
 				}
 				// Logged out, send normal public headers below
 			} elseif ( session_id() != '' ) {
 				// Logged in or otherwise has session (e.g. anonymous users who have edited)
 				// Mark request private
-				$response->header( 'Cache-Control: private' );
+				$response->header( "Cache-Control: $privateCache" );
 
 				return;
 			} // else no XVO and anonymous, send public headers below
@@ -702,7 +718,7 @@ class ApiMain extends ApiBase {
 			// Public cache not requested
 			// Sending a Vary header in this case is harmless, and protects us
 			// against conditional calls of setCacheMaxAge().
-			$response->header( 'Cache-Control: private' );
+			$response->header( "Cache-Control: $privateCache" );
 
 			return;
 		}
-- 
2.20.1