From b592d7c8e6e0999d61cbbe96fda75699e07e25e9 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 15 Oct 2018 18:51:13 +0100
Subject: [PATCH] Set private flag for logged in users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/handlers_base.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/web/handlers_base.py b/src/web/handlers_base.py
index 49e2b3d3..0e26bbb0 100644
--- a/src/web/handlers_base.py
+++ b/src/web/handlers_base.py
@@ -12,13 +12,18 @@ import tornado.web
 from .. import util
 
 class BaseHandler(tornado.web.RequestHandler):
+	def prepare(self):
+		# Mark this as private when someone is logged in
+		if self.current_user:
+			self.add_header("Cache-Control", "private")
+
 	def set_expires(self, seconds):
 		# For HTTP/1.1
-		self.set_header("Cache-Control", "max-age=%s, must-revalidate" % seconds)
+		self.add_header("Cache-Control", "max-age=%s, must-revalidate" % seconds)
 
 		# For HTTP/1.0
 		expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=seconds)
-		self.set_header("Expires", expires)
+		self.add_header("Expires", expires)
 
 	def write_error(self, status_code, **kwargs):
 		# Translate code into message
-- 
2.47.3