[BUG]: HTTP caching middleware returns cached responses to wrong users #1660
Labels
Status: Up for grabs
Type: Bug
What happened?
In version 4.22.0 (and onwards), `http.authorization 'Bearer', @bearer_token` (which immediately sets the `Authorization` header) was changed to `http.request :authorization, 'Bearer', @bearer_token`, which instead adds the `Faraday::Request::Authorization` to the middleware chain, which sets the `Authorization` header when called.

Since the authorization middleware is added at the point of the request, while the caching middleware is added on Faraday initialization (as suggested in the README), it means that the HTTP caching middleware runs first, and the authorization middleware runs second.

This means that when the caching middleware runs, it does not have the `Authorization` header set, and therefore caches requests and then returns them without having the ability to know that these requests are for different users.

For example, `GET /user/installations?per_page=100` should return different results for different users, but with the HTTP caching enabled, it does not.

I have a PR that fixes the issue here: https://github.com/octokit/octokit.rb/pull/1661/files. Open to other approaches as well.
Versions
Octokit v8.0.0, Ruby v3.2.2
Relevant log output
No response
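
A simplified model of the ordering described in this issue, added here as an example; it is not Octokit, Faraday or faraday-http-cache code. The middleware classes, the cache-key scheme and the token values are assumptions constructed for illustration.

```ruby
# Simplified model of a middleware stack (constructed; not Faraday or faraday-http-cache code).
# Each middleware wraps the next one, so the first name in `order` runs first.

# Hypothetical backend: the response body depends on the bearer token it receives.
BACKEND = lambda do |env|
  token = env[:headers]["Authorization"].to_s.sub("Bearer ", "")
  "installations for #{token}"
end

# Sets the Authorization header only when the request actually reaches it.
AuthMiddleware = Struct.new(:app, :token) do
  def call(env)
    env[:headers]["Authorization"] ||= "Bearer #{token}"
    app.call(env)
  end
end

# Caches by URL plus whatever Authorization header is visible when it runs
# (assumed key scheme for this model).
CacheMiddleware = Struct.new(:app, :store) do
  def call(env)
    key = [env[:url], env[:headers]["Authorization"]]
    store[key] ||= app.call(env)
  end
end

# Builds the chain for one user and performs the GET from the issue.
def fetch(order, token, store, url = "/user/installations?per_page=100")
  app = order.reverse.reduce(BACKEND) do |inner, kind|
    kind == :cache ? CacheMiddleware.new(inner, store) : AuthMiddleware.new(inner, token)
  end
  app.call({ url: url, headers: {} })
end

# Two users (constructed tokens) issue the same request against one shared cache store.
def two_users(order)
  store = {}
  [fetch(order, "alice-token", store), fetch(order, "bob-token", store)]
end

p two_users(%i[cache auth]) # cache computes its key before the header exists
p two_users(%i[auth cache]) # header is set before the cache computes its key
```

A regression test for a real client can follow the same shape: two clients with different tokens, one shared cache store, and an assertion that the second response is not the first user's.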