From 0c14180d1e7842ecbb89b99cc421ea07eeea1521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B8rn=20A=CC=8Ane?= <jorn.dejong@uninett.no>
Date: Fri, 6 Sep 2019 14:13:39 +0200
Subject: [PATCH] Document static asset cache configuration

---
 config-templates/config.php | 17 ++++++++++++++---
 lib/SimpleSAML/Module.php   | 12 +++++++++---
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/config-templates/config.php b/config-templates/config.php
index 7f426a9a0..9d267be49 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -866,12 +866,23 @@ $config = [
      * The serving of the resources can be configured through these settings.
      */
     'assets' => [
+        /*
+         * These settings adjust the caching headers that are sent
+         * when serving static resources.
+         */
         'caching' => [
-            /**
-             * These settings adjust the caching headers that are sent
-             * when serving static resources.
+            /*
+             * Amount of seconds before the resource should be fetched again
              */
             'max_age' => 86400,
+            /*
+             * Calculate a checksum of every file and send it to the browser
+             * This allows the browser to avoid downloading assets again in situations
+             * where the Last-Modified header cannot be trusted,
+             * for example in cluster setups
+             *
+             * Defaults false
+             */
             'etag' => false,
         ],
     ],
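Review bot: The new comment on `max_age` gives the unit but not the consequence an operator needs to know. Per the Module.php change in this same commit, the value is sent together with `public`, so shared caches as well as browsers may keep an asset for that long, which delays an updated script or stylesheet reaching users after an upgrade. I would word it along the lines of `Amount of seconds a browser or shared cache may reuse the resource before fetching it again`. The `etag` comment could also say that the checksum is calculated when the file is served, so enabling it costs a read of the file per request; that is my reading of setAutoEtag() and is worth confirming.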
diff --git a/lib/SimpleSAML/Module.php b/lib/SimpleSAML/Module.php
index 84d2f4a63..31e970bbb 100644
--- a/lib/SimpleSAML/Module.php
+++ b/lib/SimpleSAML/Module.php
@@ -264,11 +264,17 @@ class Module
             }
         }
 
-        $assetConfig = $config->getArray('assets', ['caching' => ['max_age' => 86400, 'etag' => false]]);
+        $assetConfig = $config->getConfigItem('assets', new Configuration([], '[assets]'));
+        $cacheConfig = $assetConfig->getConfigItem('caching', new Configuration([], '[assets][caching]'));
         $response = new BinaryFileResponse($path);
-        $response->setCache(['public' => true, 'max_age' => $assetConfig['caching']['max_age']]);
+        $response->setCache([
+            // "public" allows response caching even if the request was authenticated,
+            // which is exactly what we want for static resources
+            'public' => true,
+            'max_age' => (string)$cacheConfig->getInteger('max_age', 86400)
+        ]);
         $response->setAutoLastModified();
-        if ($assetConfig['caching']['etag']) {
+        if ($cacheConfig->getBoolean('etag', false)) {
             $response->setAutoEtag();
         }
         $response->isNotModified($request);
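Review bot: `'public' => true` is applied to every file this code path serves, and the new comment asserts they are all static resources, but the hunk does not show how `$path` was selected (the function starts above the hunk and continues after it). If a module can place session-dependent or access-restricted files under the served directory, a shared cache could hand them to other users. I would state that assumption in the comment, e.g. `// only safe because nothing served from here may depend on the session or on access control`. Separately, `getInteger('max_age', 86400)` accepts a negative value from configuration; if the range getter is usable here, `$cacheConfig->getIntegerRange('max_age', 0, PHP_INT_MAX, 86400)` would reject it. The `(string)` cast looks unnecessary for an integer max-age.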
-- 
GitLab