github-actions[bot]
commented
5 months ago 👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀
nickfloyd
DimitriosLisenko
What happened?
In version 4.22.0 (and onwards),
http.authorization 'Bearer', @bearer_token(which immediately sets theAuthorizationheader) was changed tohttp.request :authorization, 'Bearer', @bearer_token, which instead adds theFaraday::Request::Authorizationto the middleware chain, which sets theAuthorizationheader when called.Since the authorization middleware is added at the point of the request, while the caching middleware is added on Faraday initialization (as suggested in the README), it means that the HTTP caching middleware runs first, and the authorization middleware runs second.
This means that when the caching middleware runs, it does not have the
Authorizationheader set, and therefore caches requests and then returns them without having the ability to know that these requests are for different users.For example,
GET /user/installations?per_page=100should return different results for different users, but with the HTTP caching enabled, it does not.I have a PR that fixes the issue here: https://github.com/octokit/octokit.rb/pull/1661/files. Open to other approaches as well.
Versions
Octokit v8.0.0, Ruby v3.2.2
Relevant log output
No response
Code of Conduct