Be explicit about the SXG cache lifetime. (#323)

twifkak · web-flow · commit 2af22d152f3d · 2019-06-19T10:56:30.000-07:00
The previous behavior didn't specify a max age, which leads to
unspecified behavior.

Set to "max-age=0" for now, which allows caching on intermediaries, but
recommends they update every time.

A future change could relax that max age. However, be careful when doing
so, as the failure behavior of an expired SXG is a different UX than
that of an expired unsigned response.
diff --git a/packager/signer/signer.go b/packager/signer/signer.go
@@ -504,10 +504,17 @@ func (this *Signer) serveSignedExchange(resp http.ResponseWriter, fetchResp *htt
 		resp.Header().Set("AMP-Cache-Transform", act)
 	}
 
-	// TODO(twifkak): Add Cache-Control: public with expiry to match when we think the AMP Cache
-	// should fetch an update (half-way between signature date & expires).
 	resp.Header().Set("Content-Type", accept.SxgContentType)
-	resp.Header().Set("Cache-Control", "no-transform")
+	// We set a zero freshness lifetime on the SXG, so that naive caching
+	// intermediaries won't inhibit the update of this resource on AMP
+	// caches. AMP caches are recommended to base their update strategies
+	// on a combination of inner and outer resource lifetime.
+	//
+	// If you change this code to set a Cache-Control based on the inner
+	// resource, you need to ensure that its max-age is no longer than the
+	// lifetime of the signature (6 days, per above). Maybe an even tighter
+	// bound than that, based on data about client clock skew.
+	resp.Header().Set("Cache-Control", "no-transform, max-age=0")
 	resp.Header().Set("X-Content-Type-Options", "nosniff")
 	if _, err := resp.Write(body.Bytes()); err != nil {
 		log.Println("Error writing response:", err)
diff --git a/packager/signer/validation_test.go b/packager/signer/validation_test.go
@@ -13,8 +13,6 @@ import (
 
 func urlFrom(url *url.URL, err *util.HTTPError) *url.URL { return url }
 
-func errorFrom(url *url.URL, err *util.HTTPError) *util.HTTPError { return err }
-
 func urlOrDie(spec string) *url.URL {
 	url, err := url.Parse(spec)
 	if err != nil {
@@ -24,6 +22,8 @@ func urlOrDie(spec string) *url.URL {
 }
 
 func TestParseURL(t *testing.T) {
+	errorFrom := func(url *url.URL, err *util.HTTPError) *util.HTTPError { return err }
+
 	assert.EqualError(t, errorFrom(parseURL("", "sign")), "sign URL is unspecified")
 	if err := errorFrom(parseURL("abc-@#79!%^/", "sign")); assert.NotNil(t, err) {
 		assert.Contains(t, err.Error(), "Error parsing sign URL")
