add cache-control headers to kube-apiserver

Kubernetes-commit: f589c1213c8ba4fa0e31c523b2e9dcc27298084f

pkg/endpoints/filters/cachecontrol.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package filters
+
+import (
+	"net/http"
+)
+
+// WithCacheControl sets the Cache-Control header to "no-cache, private" because all servers are protected by authn/authz.
+// see https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#defining_optimal_cache-control_policy
+func WithCacheControl(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		// Set the cache-control header if it is not already set
+		if _, ok := w.Header()["Cache-Control"]; !ok {
+			w.Header().Set("Cache-Control", "no-cache, private")
+		}
+		handler.ServeHTTP(w, req)
+	})
+}

pkg/endpoints/filters/cachecontrol_test.go

@@ -0,0 +1,76 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package filters
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestCacheControl(t *testing.T) {
+	tests := []struct {
+		name string
+		path string
+
+		startingHeader string
+		expectedHeader string
+	}{
+		{
+			name:           "simple",
+			path:           "/api/v1/namespaces",
+			expectedHeader: "no-cache, private",
+		},
+		{
+			name:           "openapi",
+			path:           "/openapi/v2",
+			expectedHeader: "no-cache, private",
+		},
+		{
+			name:           "already-set",
+			path:           "/api/v1/namespaces",
+			startingHeader: "nonsense",
+			expectedHeader: "nonsense",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			handler := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
+				//do nothing
+			})
+			wrapped := WithCacheControl(handler)
+
+			testRequest, err := http.NewRequest(http.MethodGet, test.path, nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+			w := httptest.NewRecorder()
+			if len(test.startingHeader) > 0 {
+				w.Header().Set("Cache-Control", test.startingHeader)
+			}
+
+			wrapped.ServeHTTP(w, testRequest)
+			actual := w.Header().Get("Cache-Control")
+
+			if actual != test.expectedHeader {
+				t.Fatal(actual)
+			}
+		})
+	}
+
+}

pkg/server/config.go

@@ -599,6 +599,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {
 	handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, c.LongRunningFunc, c.RequestTimeout)
 	handler = genericfilters.WithWaitGroup(handler, c.LongRunningFunc, c.HandlerChainWaitGroup)
 	handler = genericapifilters.WithRequestInfo(handler, c.RequestInfoResolver)
+	handler = genericapifilters.WithCacheControl(handler)
 	handler = genericfilters.WithPanicRecovery(handler)
 	return handler
 }