New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG]: HTTP caching middleware returns cached responses to wrong users #1660
Comments
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with |
Hey @DimitriosLisenko, great catch! Thanks for tracking this down. Let us know if you'd be interested in fixing the issue and submitting a PR. For now I have labeled this as "Up For Grabs" so that the community can take a stab at getting this fixed as well. ❤️ |
Hey @nickfloyd! I have already submitted a PR at https://github.com/octokit/octokit.rb/pull/1661/files :) |
Oof, sorry about that I completely missed that. Thank you for the follow up and the contributions! We'll have a look shortly! ❤ |
What happened?
In version 4.22.0 (and onwards),
http.authorization 'Bearer', @bearer_token
(which immediately sets theAuthorization
header) was changed tohttp.request :authorization, 'Bearer', @bearer_token
, which instead adds theFaraday::Request::Authorization
to the middleware chain, which sets theAuthorization
header when called.Since the authorization middleware is added at the point of the request, while the caching middleware is added on Faraday initialization (as suggested in the README), it means that the HTTP caching middleware runs first, and the authorization middleware runs second.
This means that when the caching middleware runs, it does not have the
Authorization
header set, and therefore caches requests and then returns them without having the ability to know that these requests are for different users.For example,
GET /user/installations?per_page=100
should return different results for different users, but with the HTTP caching enabled, it does not.I have a PR that fixes the issue here: https://github.com/octokit/octokit.rb/pull/1661/files. Open to other approaches as well.
Versions
Octokit v8.0.0, Ruby v3.2.2
Relevant log output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: