Closed cyberczar closed 9 years ago
This is so people can change their profile photo and have the update show up in a "reasonable" time. We still get complaints if it's more than an hour.
On line 44 you determine whether the photo is a profile photo. Seems like that would the optimal place to set a 1 hour cache control header specifically for profile photos but set more sane values for everything else.
OK, it's coming back to me. At one time the cache was only profile photos. But then it was mentioned that somebody could change permissions on a photo and block somebody from seeing it (like removing the boss from seeing the drunk naked party pics with his wife), but if it was in cache they could still see it. So the cache was extended to all photos. Admitted it is expensive, but there's no other easy way to solve this particular problem.
Then can you please make it configurable? Because the default time of 1 hour is ludicrous.
It's bad enough the photos are stored in the database as opposed to being on the file system but I get the tradeoffs vis-a-vis security vs. availability.
In the meantime I've hacked up photo.php to set it to 3600*24*365*10
(10 years) on my own installation.
This issue was moved to redmatrix/redmatrix#158
In mod/photo.php, line 228 & 229 the default Expires and Cache-Control ages are set to 24 hours.
This is insanely low and defeats the purpose of using a content-delivery network to reduce bandwidth and load on the server.
Especially since red#matrix stores all user and profile photos in the database which is an expensive operation to retrieve blob objects from to begin with.
I propose the Cache-Control and Expires headers both be set to 365 days.
3600*24*365
.Even better, it should be configurable. :-)