If you're building paranoid software where security must be bullet-proof, one concern is that Authenticated pages should not be browser cached.
This is due to fact that even when user is logged out, someone may sit at users computer and click browser back button and see the restricted data.
Gem will set these headers:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: -1
If you are building next-gen Twitter app then this is a bad idea because you want to cache as much as possible. But when you're building comertial dashboard, payment software, ... then you should set those headers.
Add this line to your application's Gemfile:
gem 'no_cache_control'And then execute:
$ bundle
Or install it yourself as:
$ gem install no_cache_control
Gem will append these headers to all your controllers, you don't need to do anything else.
class MyCachableController < ActionController::Base
skip_before_filter :set_no_cache_control # rails 3
skip_before_action :set_no_cache_control # rails 4
endNow when I render MyCachableController the headers will be default Rails headers
No tests for this project as this is deep integration thing. (If anyone want to write a test I'm more than happy to merge it in 😊 )
The only way how you can test it is to lunch your Rails server and:
- open browser, go to the website, and view page headers (like with web developer tools plugin; then click in toolbar Information > View Response header)
curl http://0.0.0.0:3000/ -v
Gem should work potentionally on any application that uses ActionController
(meaning all Rails versions) but we've tested only these:
Please update this README file if you confirm any other
- Fork it ( https://github.com/[my-github-username]/no_cache_control/fork )
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create a new Pull Request