Add way to set Cache-Control header for static assets

Fixes #3332
2026-04-25 03:00:53 -04:00 · 2020-12-16 13:53:09 -05:00
parent 999036ae94
commit ab0ade5375
3 changed files with 86 additions and 82 deletions
--- a/api/src/controllers/assets.ts
+++ b/api/src/controllers/assets.ts
@@ -9,6 +9,7 @@ import { Transformation } from '../types/assets';
 import storage from '../storage';
 import { PayloadService, AssetsService } from '../services';
 import useCollection from '../middleware/use-collection';
+import env from '../env';

 const router = Router();

@@ -111,6 +112,7 @@ router.get(
 			res.removeHeader('Content-Disposition');
 		}

+		res.setHeader('Cache-Control', env.ASSETS_CACHE_CONTROL);
 		stream.pipe(res);
 	})
 );
--- a/api/src/env.ts
+++ b/api/src/env.ts
@@ -44,6 +44,8 @@ const defaults: Record<string, any> = {
 	EMAIL_SENDMAIL_PATH: '/usr/sbin/sendmail',

 	TELEMETRY: true,
+
+	ASSETS_CACHE_CONTROL: 'public, max-age=604800',
 };

 let env: Record<string, any> = {
--- a/docs/reference/environment-variables.md
+++ b/docs/reference/environment-variables.md
@@ -1,8 +1,7 @@
 # Environment Variables

-> Each Directus project supports a number of environment variables for configuration. These
-> variables are added to the `/api/.env` file, with an example file at `/api/example.env` for easier
-> boilerplate setup.
+> Each Directus project supports a number of environment variables for configuration. These variables are added to the
+> `/api/.env` file, with an example file at `/api/example.env` for easier boilerplate setup.

 ## General

@@ -16,8 +15,8 @@ URL where your API can be reached on the web.<br>**Default: `/`**

 ### `LOG_LEVEL`

-What level of detail to log. One of `fatal`, `error`, `warn`, `info`, `debug`, `trace` or
-`silent`.<br>**Default: `info`**
+What level of detail to log. One of `fatal`, `error`, `warn`, `info`, `debug`, `trace` or `silent`.<br>**Default:
+`info`**

 ### `LOG_STYLE`

@@ -27,9 +26,8 @@ Render the logs human readable (pretty) or as JSON. One of `pretty`, `raw`.<br>*

 ### `DB_CLIENT`

-What database client to use. One of `pg` or `postgres`, `mysql`, `mysql2`, `oracledb`, `mssql`, or
-`sqlite3`. For all database clients except SQLite, you will also need to configure the following
-variables:
+What database client to use. One of `pg` or `postgres`, `mysql`, `mysql2`, `oracledb`, `mssql`, or `sqlite3`. For all
+database clients except SQLite, you will also need to configure the following variables:

 ### `DB_HOST`

@@ -65,8 +63,8 @@ extend the `DB_*` environment variables with any config you need to pass to the

 ### `DB_CONNECTION_STRING` (Postgres Only)

-When using Postgres, you can submit a connection string instead of individual properties. Using this
-will ignore any of the other connection settings.
+When using Postgres, you can submit a connection string instead of individual properties. Using this will ignore any of
+the other connection settings.

 ## Security

@@ -84,8 +82,7 @@ The duration that the access token is valid.<br>**Default: `15m`**

 ### `REFRESH_TOKEN_TTL`

-The duration that the refresh token is valid, and also how long users stay logged-in to the
-App.<br>**Default: `7d`**
+The duration that the refresh token is valid, and also how long users stay logged-in to the App.<br>**Default: `7d`**

 ### `REFRESH_TOKEN_COOKIE_SECURE`

@@ -105,9 +102,9 @@ Whether or not to enable the CORS headers.<br>**Default: `true`**

 Value for the `Access-Control-Allow-Origin` header. Possible values:

-   `true` - reflect the Origin header
-   String - set the origin to a specific domain
-   CSV - multiple domains
+- `true` - reflect the Origin header
+- String - set the origin to a specific domain
+- CSV - multiple domains

 ### `CORS_METHODS`

@@ -145,21 +142,21 @@ The time window in seconds in which the points are counted.<br>**Default: `1`**

 ### `RATE_LIMITER_STORE`

-Where to store the rate limiter counts. Either `memory`, `redis`, or `memcache`. Based on the rate
-limiter used, you must also provide the following configurations.<br>**Default: `memory`**
+Where to store the rate limiter counts. Either `memory`, `redis`, or `memcache`. Based on the rate limiter used, you
+must also provide the following configurations.<br>**Default: `memory`**

-   **Memory**
-    -   No additional configuration required
-   **Redis**
-    -   **`RATE_LIMITER_REDIS`** — Redis connection string
-        -   eg: `redis://:authpassword@127.0.0.1:6380/4`
-    -   Alternatively, you can enter individual connection parameters:
-        -   **`RATE_LIMITER_REDIS_HOST`**
-        -   **`RATE_LIMITER_REDIS_PORT`**
-        -   **`RATE_LIMITER_REDIS_PASSWORD`**
-        -   **`RATE_LIMITER_REDIS_DB`**
-   **Memcache**
-    -   **`RATE_LIMITER_MEMCACHE`** — Location of your memcache instance
+- **Memory**
+  - No additional configuration required
+- **Redis**
+  - **`RATE_LIMITER_REDIS`** — Redis connection string
+    - eg: `redis://:authpassword@127.0.0.1:6380/4`
+  - Alternatively, you can enter individual connection parameters:
+    - **`RATE_LIMITER_REDIS_HOST`**
+    - **`RATE_LIMITER_REDIS_PORT`**
+    - **`RATE_LIMITER_REDIS_PASSWORD`**
+    - **`RATE_LIMITER_REDIS_DB`**
+- **Memcache**
+  - **`RATE_LIMITER_MEMCACHE`** — Location of your memcache instance

 <!-- prettier-ignore-start -->
 ::: tip Additional Rate Limiter Variables All `RATE_LIMITER_*` variables are passed directly to a
@@ -192,58 +189,62 @@ How to scope the cache data.<br>**Default: `directus-cache`**

 ### `CACHE_STORE`

-Where to store the cache data. Either `memory`, `redis`, or `memcache`. Based on the cache used, you
-must also provide the following configurations.<br>**Default: `memory`**
+Where to store the cache data. Either `memory`, `redis`, or `memcache`. Based on the cache used, you must also provide
+the following configurations.<br>**Default: `memory`**

-   **Memory**
-    -   No additional configuration required
-   **Redis**
-    -   **`CACHE_REDIS`** — Redis connection string
-        -   eg: `redis://:authpassword@127.0.0.1:6380/4`
-    -   Alternatively, you can enter individual connection parameters:
-        -   **`CACHE_REDIS_HOST`**
-        -   **`CACHE_REDIS_PORT`**
-        -   **`CACHE_REDIS_PASSWORD`**
-        -   **`CACHE_REDIS_DB`**
-   **Memcache**
-    -   **`CACHE_MEMCACHE`** — Location of your memcache instance
+- **Memory**
+  - No additional configuration required
+- **Redis**
+  - **`CACHE_REDIS`** — Redis connection string
+    - eg: `redis://:authpassword@127.0.0.1:6380/4`
+  - Alternatively, you can enter individual connection parameters:
+    - **`CACHE_REDIS_HOST`**
+    - **`CACHE_REDIS_PORT`**
+    - **`CACHE_REDIS_PASSWORD`**
+    - **`CACHE_REDIS_DB`**
+- **Memcache**
+  - **`CACHE_MEMCACHE`** — Location of your memcache instance
+
+### `ASSETS_CACHE_CONTROL`
+
+The value for the `Cache-Control` header for the static assets in the /assets endpoint. Defaults to
+`public, max-age=604800`.

 ## File Storage

 ### `STORAGE_LOCATIONS`

-A CSV of storage locations (eg: `local,digitalocean,amazon`) to use. You can use any names you'd
-like for these keys, but each must have a matching `<LOCATION>` configuration.<br>**Default:
-`local`**
+A CSV of storage locations (eg: `local,digitalocean,amazon`) to use. You can use any names you'd like for these keys,
+but each must have a matching `<LOCATION>` configuration.<br>**Default: `local`**

 For each of the storage locations listed, you must provide the following configuration:

-   **`STORAGE_<LOCATION>_PUBLIC_URL`** — Location on the internet where the files are accessible
-   **`STORAGE_<LOCATION>_DRIVER`** — Which driver to use, either `local`, `s3`, or `gcl`
+- **`STORAGE_<LOCATION>_PUBLIC_URL`** — Location on the internet where the files are accessible
+- **`STORAGE_<LOCATION>_DRIVER`** — Which driver to use, either `local`, `s3`, or `gcl`

 Based on your configured driver, you must also provide the following configurations.

-   **Local**
-    -   `STORAGE_<LOCATION>_ROOT` — Where to store the files on disk
-   **S3**
-    -   **`STORAGE_<LOCATION>_KEY`** — User key
-    -   **`STORAGE_<LOCATION>_SECRET`** — User secret
-    -   **`STORAGE_<LOCATION>_ENDPOINT`** — S3 Endpoint
-    -   **`STORAGE_<LOCATION>_BUCKET`** — S3 Bucket
-    -   **`STORAGE_<LOCATION>_REGION`** — S3 Region
-   **Google Cloud**
-    -   **`STORAGE_<LOCATION>_KEY_FILENAME`** — Path to key file on disk
-    -   **`STORAGE_<LOCATION>_BUCKET`** — Google Cloud Storage bucket
+- **Local**
+  - `STORAGE_<LOCATION>_ROOT` — Where to store the files on disk
+- **S3**
+  - **`STORAGE_<LOCATION>_KEY`** — User key
+  - **`STORAGE_<LOCATION>_SECRET`** — User secret
+  - **`STORAGE_<LOCATION>_ENDPOINT`** — S3 Endpoint
+  - **`STORAGE_<LOCATION>_BUCKET`** — S3 Bucket
+  - **`STORAGE_<LOCATION>_REGION`** — S3 Region
+- **Google Cloud**
+  - **`STORAGE_<LOCATION>_KEY_FILENAME`** — Path to key file on disk
+  - **`STORAGE_<LOCATION>_BUCKET`** — Google Cloud Storage bucket

 ## oAuth

 ### `OAUTH_PROVIDERS`

-CSV of oAuth providers you want to use. For each of the oAuth providers you list, you must also
-provide the following configurations.
+CSV of oAuth providers you want to use. For each of the oAuth providers you list, you must also provide the following
+configurations.

-   **`OAUTH_<PROVIDER>_KEY`** — oAuth key for the external service
-   **`OAUTH_<PROVIDER>_SECRET`** — oAuth secret for the external service.
+- **`OAUTH_<PROVIDER>_KEY`** — oAuth key for the external service
+- **`OAUTH_<PROVIDER>_SECRET`** — oAuth secret for the external service.

 ## Extensions

@@ -259,32 +260,31 @@ Email address from which emails are sent.<br>**Default: `no-reply@directus.io`**

 ### `EMAIL_TRANSPORT`

-What to use to send emails. One of `sendmail`, `smtp`. Based on the transport used, you must also
-provide the following configurations.<br>**Default: `sendmail`**
+What to use to send emails. One of `sendmail`, `smtp`. Based on the transport used, you must also provide the following
+configurations.<br>**Default: `sendmail`**

-   **Sendmail** (`sendmail`)
-    -   **`EMAIL_SENDMAIL_NEW_LINE`** — What new line style to use in sendmail. **Default: `unix`**
-    -   **`EMAIL_SENDMAIL_PATH`** — Path to your sendmail executable. **Default:
-        `/usr/sbin/sendmail`**
-   **SMTP** (`smtp`)
-    -   **`EMAIL_SMTP_HOST`** — SMTP Host
-    -   **`EMAIL_SMTP_PORT`** — SMTP Port
-    -   **`EMAIL_SMTP_USER`** — SMTP User
-    -   **`EMAIL_SMTP_PASSWORD`** — SMTP Password
-    -   **`EMAIL_SMTP_POOL`** — Use SMTP pooling
-    -   **`EMAIL_SMTP_SECURE`** — Enable TLS
+- **Sendmail** (`sendmail`)
+  - **`EMAIL_SENDMAIL_NEW_LINE`** — What new line style to use in sendmail. **Default: `unix`**
+  - **`EMAIL_SENDMAIL_PATH`** — Path to your sendmail executable. **Default: `/usr/sbin/sendmail`**
+- **SMTP** (`smtp`)
+  - **`EMAIL_SMTP_HOST`** — SMTP Host
+  - **`EMAIL_SMTP_PORT`** — SMTP Port
+  - **`EMAIL_SMTP_USER`** — SMTP User
+  - **`EMAIL_SMTP_PASSWORD`** — SMTP Password
+  - **`EMAIL_SMTP_POOL`** — Use SMTP pooling
+  - **`EMAIL_SMTP_SECURE`** — Enable TLS

 ## Misc.

-If you're relying on Docker and/or the `directus bootstrap` CLI command, you can pass the following
-two environment variables to automatically configure the first user:
+If you're relying on Docker and/or the `directus bootstrap` CLI command, you can pass the following two environment
+variables to automatically configure the first user:

 ### `ADMIN_EMAIL`

-The email address of the first user that's automatically created when using `directus bootstrap`.
-Defaults to `admin@example.com`
+The email address of the first user that's automatically created when using `directus bootstrap`. Defaults to
+`admin@example.com`

 ### `ADMIN_PASSWORD`

-The password of the first user that's automatically created when using `directus bootstrap`.
-Defaults to a random string of 12 characters.
+The password of the first user that's automatically created when using `directus bootstrap`. Defaults to a random string
+of 12 characters.