Add `Vary` headers in responses

[kotx]

This prevents caching servers like Cloudflare from caching responses when Accept or X-Decrypt-Password request headers vary. Before this, servers like Cloudflare would cache the html preview page regardless of Accept header (meaning curls and non-browser requests would also return a cached preview page). Adding a Vary header should prevent that.

More info here: https://blog.cloudflare.com/vary-for-images-serve-the-correct-images-to-the-correct-browsers/

[aspacca]

More info here: https://blog.cloudflare.com/vary-for-images-serve-the-correct-images-to-the-correct-browsers/

I'm not 100% sure about the cloudflare behaviour on the Vary header: the article mentions only Accept, is just for the sake of the example?

If not, and they only "react" to Accept it seems to me that they are forcing the upstream service behind their cache to send a value that does not respect the real ones that should be set: in this case I would set the proper ones, and if it still does not work with cloudflare cache please ask them to fix ;)

[kotx]

More info here: https://blog.cloudflare.com/vary-for-images-serve-the-correct-images-to-the-correct-browsers/

I'm not 100% sure about the cloudflare behaviour on the Vary header: the article mentions only Accept, is just for the sake of the example?

I've only just discovered this, but apparently Cloudflare only allows Vary for images on the non-free plans? :(

But normally, Cloudflare and any server should not cache if the headers in Vary are different.

[aspacca]

But normally, Cloudflare and any server should not cache if the headers in Vary are different.

yes, I'm fine adding the Vary header, just I won't implement it to make cloudflare happy, but according to the rfc :)

[aspacca]

@kotx could you please merge the main branch on yours? thanks

[kotx]

could you please merge the main branch on yours? thanks

Done, hope this works