Page MenuHomePhabricator

Don't require one-time tokens to view file resources

Authored by epriestley on Apr 6 2016, 8:42 PM.



Ref T10262. This removes one-time tokens and makes file data responses always-cacheable (for 30 days).

The URI will stop working once any attached object changes its view policy, or the file view policy itself changes.

Files with canCDN (totally public data like profile images, CSS, JS, etc) use "cache-control: public" so they can be CDN'd.

Files without canCDN use "cache-control: private" so they won't be cached by the CDN. They could still be cached by a misbehaving local cache, but if you don't want your users seeing one anothers' secret files you should configure your local network properly.

Our "Cache-Control" headers were also from 1999 or something, update them to be more modern/sane. I can't find any evidence that any browser has done the wrong thing with this simpler ruleset in the last ~10 years.

Test Plan
  • Configured alternate file domain.
  • Viewed site: stuff worked.
  • Accessed a file on primary domain, got redirected to alternate domain.
  • Verified proper cache headers for canCDN (public) and non-canCDN (private) files.
  • Uploaded a file to a task, edited task policy, verified it scrambled the old URI.
  • Reloaded task, new URI generated transparently.

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Don't require one-time tokens to view file resources.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 6 2016, 8:48 PM
This revision was automatically updated to reflect the committed changes.