Open dulnan opened 1 year ago
I also hit this when using the CurrentUser
data producer.
The documentation is clear on what is the intention: the data should be cached per user so that previously logged in users do not leak to newly logged in users. The bug causes the result to be always uncacheable which also effectively prevents data from leaking.
I think the fix is to simply add the user
cache context. This will achieve the intended result.
When using the
current_user
data producer the response becomes uncacheable. This is because of this line:https://github.com/drupal-graphql/graphql/blob/bf9dea39bedc0546df43018fddd398abf545b885/src/Plugin/GraphQL/DataProducer/User/CurrentUser.php#L73
As
$this->currentUser
is not an instance ofCacheableDependencyInterface
, the addCacheableDependency() method inRefinableCacheableDependencyTrait
will fall back to setting the max age to 0:https://git.drupalcode.org/project/drupal/-/blob/11.x/core/lib/Drupal/Core/Cache/RefinableCacheableDependencyTrait.php#L23
One option to fix this would be to not set any cacheability at all and leave this up to the consumers of the producer. But that would introduce quite a breaking change, as queries would suddenly become cacheable.
An alternative fix would be to implement a default behaviour that adds the
user
context (or sets the max age to 0), but introduces a new argument on the producer to prevent this from being done. That way existing implementation still work as before, while making it possible to customise the cacheability when needed.Happy to do a merge request once the best approach has been found!