Refactor Cache-Control and Vary definitions (#24347)

spec/controllers/settings/aliases_controller_spec.rb

@@ -13,10 +13,17 @@ describe Settings::AliasesController do
   end
 
   describe 'GET #index' do
-    it 'returns http success' do
+    before do
       get :index
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'POST #create' do

spec/controllers/settings/applications_controller_spec.rb

@@ -13,13 +13,17 @@ describe Settings::ApplicationsController do
   end
 
   describe 'GET #index' do
-    let!(:other_app) { Fabricate(:application) }
-
-    it 'shows apps' do
+    before do
+      Fabricate(:application)
       get :index
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
-      expect(assigns(:applications)).to include(app)
-      expect(assigns(:applications)).to_not include(other_app)
+    end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
     end
   end
 

spec/controllers/settings/deletes_controller_spec.rb

@@ -11,20 +11,27 @@ describe Settings::DeletesController do
 
       before do
         sign_in user, scope: :user
+        get :show
       end
 
       it 'renders confirmation page' do
-        get :show
         expect(response).to have_http_status(200)
       end
 
+      it 'returns private cache control headers' do
+        expect(response.headers['Cache-Control']).to include('private, no-store')
+      end
+
       context 'when suspended' do
         let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
 
         it 'returns http forbidden' do
-          get :show
           expect(response).to have_http_status(403)
         end
+
+        it 'returns private cache control headers' do
+          expect(response.headers['Cache-Control']).to include('private, no-store')
+        end
       end
     end
 

spec/controllers/settings/exports_controller_spec.rb

@@ -11,16 +11,16 @@ describe Settings::ExportsController do
 
       before do
         sign_in user, scope: :user
+        get :show
       end
 
-      it 'renders export' do
-        get :show
-
-        export = assigns(:export)
-        expect(export).to be_instance_of Export
-        expect(export.account).to eq user.account
+      it 'returns http success' do
         expect(response).to have_http_status(200)
       end
+
+      it 'returns private cache control headers' do
+        expect(response.headers['Cache-Control']).to include('private, no-store')
+      end
     end
 
     context 'when not signed in' do

spec/controllers/settings/imports_controller_spec.rb

@@ -10,10 +10,17 @@ RSpec.describe Settings::ImportsController, type: :controller do
   end
 
   describe 'GET #show' do
-    it 'returns http success' do
+    before do
       get :show
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'POST #create' do

spec/controllers/settings/login_activities_controller_spec.rb

@@ -12,9 +12,16 @@ describe Settings::LoginActivitiesController do
   end
 
   describe 'GET #index' do
-    it 'returns http success' do
+    before do
       get :index
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 end

spec/controllers/settings/migration/redirects_controller_spec.rb

@@ -12,10 +12,17 @@ describe Settings::Migration::RedirectsController do
   end
 
   describe 'GET #new' do
-    it 'returns http success' do
+    before do
       get :new
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'POST #create' do

spec/controllers/settings/preferences/appearance_controller_spec.rb

@@ -12,11 +12,17 @@ describe Settings::Preferences::AppearanceController do
   end
 
   describe 'GET #show' do
-    it 'returns http success' do
+    before do
       get :show
+    end
 
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'PUT #update' do

spec/controllers/settings/preferences/notifications_controller_spec.rb

@@ -12,10 +12,17 @@ describe Settings::Preferences::NotificationsController do
   end
 
   describe 'GET #show' do
-    it 'returns http success' do
+    before do
       get :show
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'PUT #update' do

spec/controllers/settings/preferences/other_controller_spec.rb

@@ -12,10 +12,17 @@ describe Settings::Preferences::OtherController do
   end
 
   describe 'GET #show' do
-    it 'returns http success' do
+    before do
       get :show
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'PUT #update' do

spec/controllers/settings/profiles_controller_spec.rb

@@ -13,10 +13,17 @@ RSpec.describe Settings::ProfilesController, type: :controller do
   end
 
   describe 'GET #show' do
-    it 'returns http success' do
+    before do
       get :show
+    end
+
+    it 'returns http success' do
       expect(response).to have_http_status(200)
     end
+
+    it 'returns private cache control headers' do
+      expect(response.headers['Cache-Control']).to include('private, no-store')
+    end
   end
 
   describe 'PUT #update' do

spec/controllers/settings/two_factor_authentication_methods_controller_spec.rb

@@ -26,23 +26,25 @@ describe Settings::TwoFactorAuthenticationMethodsController do
       describe 'when user has enabled otp' do
         before do
           user.update(otp_required_for_login: true)
+          get :index
         end
 
         it 'returns http success' do
-          get :index
-
           expect(response).to have_http_status(200)
         end
+
+        it 'returns private cache control headers' do
+          expect(response.headers['Cache-Control']).to include('private, no-store')
+        end
       end
 
       describe 'when user has not enabled otp' do
         before do
           user.update(otp_required_for_login: false)
+          get :index
         end
 
         it 'redirects to enable otp' do
-          get :index
-
           expect(response).to redirect_to(settings_otp_authentication_path)
         end
       end