Make private sources Cache-Control: private and Vary: Authorization

diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index f091892c75364acab62bec77a11defab31818a61..6bc1f79eccc2a3179300a2f60e4856bf1cf9f25b 100644 (file)
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -114,8 +114,11 @@ sub dispatch_request{
                sub (/src/:job) {
                        return NOT_FOUND if !job;
                        my $isowner = remote_user && remote_user->id eq job->rawowner;
-                       forbid !$isowner && (job->private || job->problem->private || job->contest && job->contest->is_running);
-                       my @headers = ('X-Forever' => 1, 'Cache-Control' => 'public, max-age=604800', 'Content-Type' => CONTENT_TYPES->{job->format});
+                       my $private = job->private || job->problem->private || job->contest && job->contest->is_running;
+                       forbid !$isowner && $private;
+                       my $privacy = $private ? 'private' : 'public';
+                       my @headers = ('X-Forever' => 1, 'Cache-Control' => "$privacy, max-age=604800", 'Content-Type' => CONTENT_TYPES->{job->format});
+                       push @headers, (Vary => 'Authorization') if $private;
                        [200, \@headers, [job->source]]
                },