octokit.rb icon indicating copy to clipboard operation
octokit.rb copied to clipboard

Published 20 hours ago verified publisher icon octokit

Fix order of caching + authorization middlewares

Open DimitriosLisenko opened this issue 1 year ago • 1 comments

Resolves #1660

Before the change?

The HTTP caching doesn't have the Authorization header available to it, and therefore caches + returns values across user boundaries.

After the change?

The HTTP caching middleware happens after then authorization middleware, and therefore has the Authorization header and can cache requests per user.

Pull request checklist

  • [x] Tests for the changes have been added (for bug fixes / features)
  • [x] Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • [ ] Yes
  • [x] No

DimitriosLisenko avatar Jan 18 '24 01:01 DimitriosLisenko

Alternatively, could use Faraday::RackBuilder#insert to place the authorization middleware first in the list of handlers, which guarantees it will run before the caching middleware (which is set as part of the Faraday object initialization if the README is followed). Since the authorization middleware just sets some headers, this might be safer to do than rearranging the caching middleware, and it also works if somebody is not using Faraday::HttpCache as their caching middleware.

DimitriosLisenko avatar Jan 18 '24 01:01 DimitriosLisenko