From 5d9e5e57811d3c046a279141b810501fb5af0dcc Mon Sep 17 00:00:00 2001 From: Broque Thomas <26755000+Nezreka@users.noreply.github.com> Date: Sun, 26 Apr 2026 21:27:46 -0700 Subject: [PATCH] Discover cache: switch from public to private MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Self-review nit on b0e7dae. Discover data is user-specific (hero artists from your watchlist, similar artists from your taste, recently-played derivations, etc.) — `Cache-Control: public` would let intermediate proxies (corporate caching proxy, Cloudflare with cache rules, Nginx with proxy_cache) store one user's response and serve it to another. Privacy leak. Switched to `private, max-age=300`. Browser-only cache, proxies skip. Static assets stay `public` (shared content — everyone gets the same library.js). Streaming and backup endpoints already correct (`no-cache` and `no-store` respectively). 603 tests pass. --- web_server.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/web_server.py b/web_server.py index 6d500ffe..8ce039e8 100644 --- a/web_server.py +++ b/web_server.py @@ -325,6 +325,12 @@ def _add_discover_cache_headers(response): Scope: only `/api/discover/` and `/api/discovery/` paths, only GET, only successful 2xx responses. Any endpoint that explicitly sets its own Cache-Control wins (we don't override). + + Uses `private` not `public` because discover data is user-specific + (hero artists from your watchlist, similar artists from your taste, + etc.). `private` keeps it browser-only — intermediate proxies + (corporate caching proxies, Cloudflare with cache rules, Nginx + proxy_cache) won't store one user's response and serve it to another. """ try: if request.method != 'GET': @@ -336,7 +342,7 @@ def _add_discover_cache_headers(response): return response if response.headers.get('Cache-Control'): return response - response.headers['Cache-Control'] = 'public, max-age=300' + response.headers['Cache-Control'] = 'private, max-age=300' except Exception as exc: # Don't let a header-tagging bug turn a successful response into # a 500 — log and ship the response without the cache header.