NYPL-Simplified / server_core

Shared data model and utilities for Library Simplified server applications

All CachedFeeds are served as privately cacheable for libraries that don't show everything to all patrons #1258

Closed leonardr closed 3 years ago

leonardr commented 3 years ago

This branch fixes https://jira.nypl.org/browse/OE-25 by changing the caching rules for all CachedFeeds served for libraries that direct patrons to different lanes based on their patron type. For those libraries, all CachedFeeds are treated as private.

"Private" here refers to a concept defined in util/flask_util.py:Response as a way of bundling together a few features of HTTP. These feeds are not necessarily "private" in the sense that their contents are secret; "private" here only refers to the rules about when the feeds can be cached. Most of this branch is tweaking what exactly "private" means:

Previously, private resources were served with Cache-Control: private, meaning they can only be cached by the final recipient, not by intermediaries such as CDNs. This is still true.

As of this branch, private resources are also served with Vary: Authorization, meaning they can only be cached by the credentials that requested them. This is the piece that (I hope) actually fixes OE-25.

And as of this branch, private resources are not served with Cache-Control: s-maxage. That told intermediaries how long to cache the representation, which conflicted with the Cache-Control: private directive.

leonardr commented 3 years ago

@kristojorg, take a look at the HTTP side of this and verify that this makes sense.

leonardr commented 3 years ago

Open eBooks is the only library where different patron types get assigned different root lanes. If you sign in as an Early Grades patron, you should never be shown a Middle Grades feed -- even if (this is the point of OE-25) there was a Middle Grades patron who used the device before you and cached a Middle Grades feed in the private browser cache.

With, let's say, NYPL, we have different patron types, but when you log in, everyone always gets sent the same top-level feed. So there's no issue with a cache having a copy of a feed that a patron shouldn't be shown.

Theoretically we could say that people with juvenile cards a) get sent to a special "juvenile" set of lanes and b) can't access any books that won't fit in those lanes, and at that point we'd get something more like Open eBooks, but we haven't set that policy at NYPL.
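
The caching behaviour discussed in this thread, as an added example (not code from server_core or from the pull request): a minimal model of a device-local HTTP cache that honors Vary, showing why Cache-Control: private alone lets a second patron on the same device receive the first patron's cached feed, and why Vary: Authorization prevents it. The names cache_headers, PrivateCache, make_origin and shared_device, the URL, the tokens and the header values for the non-private case are all assumptions made for illustration.

```python
# Added illustration; every name and value here is hypothetical, not server_core's API.
URL = "https://circulation.example/groups/"  # constructed URL


def cache_headers(max_age, private):
    """Caching headers following the rules described in the pull request."""
    if private:
        # No s-maxage: it addresses shared caches, which "private" excludes.
        return {"Cache-Control": f"private, max-age={max_age}", "Vary": "Authorization"}
    # Assumed shape of the non-private case.
    return {"Cache-Control": f"public, max-age={max_age}, s-maxage={max_age}"}


class PrivateCache:
    """Device-local HTTP cache honoring Vary (expiry and header-name case ignored)."""

    def __init__(self):
        self._store = {}  # url -> [(values of the Vary-nominated request headers, body)]

    def fetch(self, url, request_headers, origin):
        for vary_values, body in self._store.get(url, []):
            # A stored response is reusable only if every header named by Vary matches.
            if all(request_headers.get(h) == v for h, v in vary_values.items()):
                return body, "HIT"
        body, response_headers = origin(url, request_headers)
        names = [n.strip() for n in response_headers.get("Vary", "").split(",") if n.strip()]
        self._store.setdefault(url, []).append(
            ({n: request_headers.get(n) for n in names}, body))
        return body, "MISS"


def make_origin(send_vary):
    lanes = {"Bearer middle": "Middle Grades", "Bearer early": "Early Grades"}  # constructed

    def origin(url, request_headers):
        headers = cache_headers(600, private=True)
        if not send_vary:
            del headers["Vary"]  # no Vary header, as before the branch
        return f"{lanes[request_headers['Authorization']]} feed", headers
    return origin


def shared_device(send_vary):
    """Middle Grades patron loads the root feed, then an Early Grades patron signs in."""
    cache, origin = PrivateCache(), make_origin(send_vary)
    cache.fetch(URL, {"Authorization": "Bearer middle"}, origin)
    return cache.fetch(URL, {"Authorization": "Bearer early"}, origin)
```

Calling shared_device(False) returns the Middle Grades feed as a cache hit for the Early Grades patron; shared_device(True) forces a miss and the origin serves the Early Grades feed.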