Bug 1995787 - Add Cache-Control: no-store or Cache-Control: private to all attachments to prevent CDN from caching private attachments that are mistaken as static assets

dklawren · dklawren · commit b47e98db89a4 · 2025-10-22T15:39:58.000-04:00
diff --git a/attachment.cgi b/attachment.cgi
@@ -423,7 +423,8 @@ sub view {
   print $cgi->header(
     -type                => $contenttype,
     -content_disposition => "$disposition; filename*=$filename_star",
-    -content_length      => $attachment->datasize
+    -content_length      => $attachment->datasize,
+    -Cache_Control       => 'no-store, private'
   );
   disable_utf8();
   print $attachment->data;
