From 78da649773416822a137f9ab1f4458de26866aca Mon Sep 17 00:00:00 2001
From: Justin Coyne <jcoyne@justincoyne.com>
Date: Fri, 7 Apr 2017 12:44:22 -0500
Subject: [PATCH] Set Cache-Control headers

---
 app/controllers/riiif/images_controller.rb       | 16 ++++++++++++++++
 spec/controllers/riiif/images_controller_spec.rb |  2 ++
 2 files changed, 18 insertions(+)

diff --git a/app/controllers/riiif/images_controller.rb b/app/controllers/riiif/images_controller.rb
index b92f01e..c793da5 100644
--- a/app/controllers/riiif/images_controller.rb
+++ b/app/controllers/riiif/images_controller.rb
@@ -22,6 +22,8 @@ def show
 
       data = image.render(image_request_params)
       headers['Access-Control-Allow-Origin'] = '*'
+      # Set a Cache-Control header
+      expires_in cache_expires, public: false if status == :ok
       send_data data,
                 status: status,
                 type: Mime::Type.lookup_by_extension(params[:format]),
@@ -32,6 +34,8 @@ def info
       image = model.new(image_id)
       if authorization_service.can?(:info, image)
         headers['Access-Control-Allow-Origin'] = '*'
+        # Set a Cache-Control header
+        expires_in cache_expires, public: false
         render json: image.info.to_h.merge(server_info), content_type: 'application/ld+json'
       else
         render json: { error: 'unauthorized' }, status: :unauthorized
@@ -48,6 +52,18 @@ def redirect
 
       LEVEL1 = 'http://iiif.io/api/image/2/level1.json'.freeze
 
+      # @return seconds before the request expires. Defaults to 1 year.
+      def cache_expires
+        1.year
+      end
+
+      # Should the Cache-Control header be public? Override this if you want to have a
+      # public Cache-Control set.
+      # @return FalseClass
+      def public_cache?
+        false
+      end
+
       def model
         params.fetch(:model, 'riiif/image').camelize.constantize
       end
diff --git a/spec/controllers/riiif/images_controller_spec.rb b/spec/controllers/riiif/images_controller_spec.rb
index 58539f7..0ae960b 100644
--- a/spec/controllers/riiif/images_controller_spec.rb
+++ b/spec/controllers/riiif/images_controller_spec.rb
@@ -18,6 +18,7 @@
       expect(response.body).to eq 'IMAGEDATA'
       expect(response.headers['Link']).to eq '<http://iiif.io/api/image/2/level1.json>;rel="profile"'
       expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+      expect(response.headers['Cache-Control']).to eq 'max-age=31557600, private'
     end
 
     context 'with an unauthorized image' do
@@ -115,6 +116,7 @@
       expect(response.headers['Link']).to eq '<http://iiif.io/api/image/2/level1.json>;rel="profile"'
       expect(response.headers['Content-Type']).to eq 'application/ld+json; charset=utf-8'
       expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+      expect(response.headers['Cache-Control']).to eq 'max-age=31557600, private'
     end
 
     context 'with an unauthorized image' do