Fix order of caching + authorization middlewares - Githubissues

octokit / octokit.rb

Ruby toolkit for the GitHub API

http://octokit.github.io/octokit.rb/

MIT License

3.83k stars 1.13k forks source link

Fix order of caching + authorization middlewares #1661

Open DimitriosLisenko opened 5 months ago

DimitriosLisenko commented 5 months ago

Resolves #1660

Before the change?

The HTTP caching doesn't have the Authorization header available to it, and therefore caches + returns values across user boundaries.

After the change?

The HTTP caching middleware happens after then authorization middleware, and therefore has the Authorization header and can cache requests per user.

Pull request checklist

[x] Tests for the changes have been added (for bug fixes / features)
[x] Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

[ ] Yes
[x] No

DimitriosLisenko commented 5 months ago

Alternatively, could use Faraday::RackBuilder#insert to place the authorization middleware first in the list of handlers, which guarantees it will run before the caching middleware (which is set as part of the Faraday object initialization if the README is followed). Since the authorization middleware just sets some headers, this might be safer to do than rearranging the caching middleware, and it also works if somebody is not using Faraday::HttpCache as their caching middleware.