Ref T10262. This removes one-time tokens and makes file data responses always-cacheable (for 30 days).

The URI will stop working once any attached object changes its view policy, or the file view policy itself changes.

Files with canCDN (totally public data like profile images, CSS, JS, etc) use "cache-control: public" so they can be CDN'd.

Files without canCDN use "cache-control: private" so they won't be cached by the CDN. They could still be cached by a misbehaving local cache, but if you don't want your users seeing one anothers' secret files you should configure your local network properly.

Our "Cache-Control" headers were also from 1999 or something, update them to be more modern/sane. I can't find any evidence that any browser has done the wrong thing with this simpler ruleset in the last ~10 years.

• Configured alternate file domain.
• Viewed site: stuff worked.
• Accessed a file on primary domain, got redirected to alternate domain.
• Verified proper cache headers for canCDN (public) and non-canCDN (private) files.
• Uploaded a file to a task, edited task policy, verified it scrambled the old URI.
• Reloaded task, new URI generated transparently.