Changed the Caching of User Avatars to be public and to 5 minutes

app/controllers/concerns/uploads_actions.rb

@@ -29,7 +29,13 @@ def create
   def show
     return render_404 unless uploader&.exists?
 
-    expires_in 0.seconds, must_revalidate: true, private: true
+    if cache_privately?
+      expires_in 0.seconds, must_revalidate: true, private: true
+    else
+      # We need to reset caching from the applications controller to get rid of the no-store value
+      headers['Cache-Control'] = ''
+      expires_in 5.minutes, public: true, must_revalidate: false
+    end
 
     disposition = uploader.image_or_video? ? 'inline' : 'attachment'
 
@@ -114,6 +120,10 @@ def find_model
     nil
   end
 
+  def cache_privately?
+    true
+  end
+
   def model
     strong_memoize(:model) { find_model }
   end

app/controllers/uploads_controller.rb

@@ -70,6 +70,10 @@ def render_unauthorized
     end
   end
 
+  def cache_privately?
+    true unless (User === model || Appearance === model)
+  end
+
   def upload_model_class
     MODEL_CLASSES[params[:model]] || raise(UnknownUploadModelError)
   end

spec/controllers/uploads_controller_spec.rb

@@ -12,6 +12,13 @@
   end
 end
 
+shared_examples 'content publicy cached' do
+  it 'ensures content is publicly cached' do
+    # Fixed in newer versions of ActivePack, it will only output a single `private`.
+    expect(subject['Cache-Control']).to eq('max-age=300, public')
+  end
+end
+
 describe UploadsController do
   let!(:user) { create(:user, avatar: fixture_file_upload("spec/fixtures/dk.png", "image/png")) }
 
@@ -184,7 +191,7 @@
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation and no-store' do
+          it_behaves_like 'content publicy cached' do
             subject do
               get :show, params: { model: 'user', mounted_as: 'avatar', id: user.id, filename: 'dk.png' }