Cache-Control header should not be Private when serving packages #498
Comments
Sounds promising @matthewskelton. If you're happy to submit a pull request, I welcome that, and will review it. Thanks!
Cool, I will do that. I have logged a related issue #499 too, and will get a fix ready there too, as it's related.
@matthewskelton I think sticking an OutputCache attribute on the action should suffice.
@pranavkm Thanks for the heads-up - I'll be looking at pushing some changes tomorrow.
@pranavkm @drewthedork I think that the semantics of NuGet package versioning (and package versioning in general) means that we should enable downstream servers/proxies to cache the package indefinitely. You would never publish an "updated" version of SomePackage.1.3.8, because you would publish SomePackage 1.3.9 instead. Therefore, I think that Int32.MaxValue is an appropriate cache duration time:
In terms of OutputCacheLocation, I think we should avoid telling clients that they can cache it, as we cannot predict how NuGet client needs will evolve over time, hence Downstream for this. Tell me if you think I'm off the mark here, otherwise, I'll push this ASAP.
closing until pull request #505 is re-opened
Currently, NuGetGallery leaves the Cache-Control header as Private for the "GetPackageApi" action. This means that GET requests to pull packages cannot be cached by downstream web caches (such as Squid/Varnish).
In order to allow web caches to cache GET requests for reading packages, we need a change in ApiController.cs - explicitly set the cacheability like this:
Being able to cache GET read requests means that we can offload the load on the NuGet Gallery server. This is particularly important when running NuGet Gallery locally, with 80+ developers and upwards of 60 build pipelines.
I am happy to submit a pull request. We have this configuration working in our environment, and it works a treat with Squid - blazing fast performance from NuGet Gallery!
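The following is an added example, not part of the original issue or of NuGetGallery's code: a small Python check that decides whether a shared cache such as Squid or Varnish may store a response with a given Cache-Control value, which is the behaviour the issue is about. The function names and sample header values are constructed for illustration, and the logic is a simplified reading of RFC 9111 that assumes a 200 response to a GET request.

```python
import re

# name[=value], where value is a token or a quoted string (commas allowed inside quotes)
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,\s]+))?')

def parse_cache_control(value):
    """Parse a Cache-Control value into {lower-cased directive: argument or None}."""
    return {m.group(1).lower(): (m.group(2).strip('"') if m.group(2) else None)
            for m in _DIRECTIVE.finditer(value)}

def _seconds(arg):
    """Delta-seconds argument as int, or None when missing or malformed."""
    return int(arg) if arg is not None and arg.isascii() and arg.isdigit() else None

def shared_cache_verdict(cache_control, request_had_authorization=False):
    """Return (storable, freshness_seconds, reason) for a shared (proxy) cache."""
    d = parse_cache_control(cache_control or "")
    if "no-store" in d:
        return (False, None, "no-store forbids storing")
    if "private" in d:
        # Simplification: the qualified form private="field" is also treated as blocking.
        return (False, None, "private limits the response to the client's own cache")
    if request_had_authorization and not ({"public", "s-maxage", "must-revalidate"} & d.keys()):
        # A response to an authenticated request needs an explicit opt-in for shared caches.
        return (False, None, "authenticated request without a shared-cache directive")
    # s-maxage overrides max-age for shared caches.
    lifetime = _seconds(d.get("s-maxage"))
    if lifetime is None:
        lifetime = _seconds(d.get("max-age"))
    if "no-cache" in d:
        return (True, 0, "storable, but must be revalidated before every reuse")
    if lifetime is None:
        return (True, None, "storable, freshness left to the cache's heuristics")
    return (True, lifetime, "storable and fresh for the stated lifetime")

# Constructed sample header values (not captured from a real gallery).
SAMPLES = ["private", "public, max-age=2147483647", "max-age=600, s-maxage=86400", "no-cache"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:35} -> {shared_cache_verdict(header)}")
```

The `request_had_authorization` flag matters for feeds that require credentials: a shared cache will only reuse such a response when the origin opts in explicitly, so a public directive on an authenticated package endpoint makes the package available to every client behind that cache.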