From 89c62a7bdb703abb01bae70a7a7e639764abb5f7 Mon Sep 17 00:00:00 2001 From: Cliff Pruitt Date: Tue, 3 Sep 2019 11:51:47 -0400 Subject: [PATCH] Do not set response "Vary" header if it has already been set If an app sets the `"Vary"` header in an action to a value other than `"Accept"`, the `_set_vary_header` method will reset it's value to `"Accept"`. This commit checks the header to be sure that it does not already have a value before setting the header to `"Accept"`. --- .../lib/action_controller/metal/rendering.rb | 4 +++- actionpack/test/controller/integration_test.rb | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb index fd22c4fa64..f0029f30d9 100644 --- a/actionpack/lib/action_controller/metal/rendering.rb +++ b/actionpack/lib/action_controller/metal/rendering.rb @@ -78,7 +78,9 @@ module ActionController end def _set_vary_header - self.headers["Vary"] = "Accept" if request.should_apply_vary_header? + if self.headers["Vary"].blank? && request.should_apply_vary_header? + self.headers["Vary"] = "Accept" + end end # Normalize arguments by catching blocks and setting them on :update. diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index 4f5f5b71ae..f0f89c89e3 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -182,6 +182,15 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest end end + def get_with_vary_set_x_requested_with + respond_to do |format| + format.json do + response.headers["Vary"] = "X-Requested-With" + render json: "JSON OK", status: 200 + end + end + end + def get_with_params render plain: "foo: #{params[:foo]}", status: 200 end @@ -557,6 +566,13 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest end end + def test_not_setting_vary_header_when_it_has_already_been_set + with_test_route_set do + get "/get_with_vary_set_x_requested_with", headers: { "Accept" => "application/json" }, xhr: true + assert_equal "X-Requested-With", response.headers["Vary"] + end + end + def test_not_setting_vary_header_when_ignore_accept_header_is_set original_ignore_accept_header = ActionDispatch::Request.ignore_accept_header ActionDispatch::Request.ignore_accept_header = true