diff --git a/.env.template b/.env.template index 7fcbbfcb..fecac220 100644 --- a/.env.template +++ b/.env.template @@ -135,13 +135,20 @@ ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. ## ## `internal` refers to Vaultwarden's built-in icon fetching implementation. -## If an external service is set, an icon request to Vaultwarden will return an HTTP 307 +## If an external service is set, an icon request to Vaultwarden will return an HTTP ## redirect to the corresponding icon at the external service. An external service may ## be useful if your Vaultwarden instance has no external network connectivity, or if ## you are concerned that someone may probe your instance to try to detect whether icons ## for certain sites have been cached. # ICON_SERVICE=internal +## Icon redirect code +## The HTTP status code to use for redirects to an external icon service. +## The supported codes are 307 (temporary) and 308 (permanent). +## Temporary redirects are useful while testing different icon services, but once a service +## has been decided on, consider using permanent redirects for cacheability. +# ICON_REDIRECT_CODE=307 + ## Disable icon downloading ## Set to true to disable icon downloading in the internal icon service. ## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external diff --git a/src/api/icons.rs b/src/api/icons.rs index 3d1de094..4e8c753a 100644 --- a/src/api/icons.rs +++ b/src/api/icons.rs @@ -71,7 +71,14 @@ fn icon_redirect(domain: &str, template: &str) -> Option { } let url = template.replace("{}", domain); - Some(Redirect::temporary(url)) + match CONFIG.icon_redirect_code() { + 308 => Some(Redirect::permanent(url)), + 307 => Some(Redirect::temporary(url)), + _ => { + error!("Unexpected redirect code {}", CONFIG.icon_redirect_code()); + None + } + } } #[get("//icon.png")] diff --git a/src/config.rs b/src/config.rs index 5bbe8575..9554aee3 100644 --- a/src/config.rs +++ b/src/config.rs @@ -454,9 +454,14 @@ make_config! { /// To specify a custom icon service, set a URL template with exactly one instance of `{}`, /// which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. /// `internal` refers to Vaultwarden's built-in icon fetching implementation. If an external - /// service is set, an icon request to Vaultwarden will return an HTTP 307 redirect to the + /// service is set, an icon request to Vaultwarden will return an HTTP redirect to the /// corresponding icon at the external service. icon_service: String, false, def, "internal".to_string(); + /// Icon redirect code |> The HTTP status code to use for redirects to an external icon service. + /// The supported codes are 307 (temporary) and 308 (permanent). + /// Temporary redirects are useful while testing different icon services, but once a service + /// has been decided on, consider using permanent redirects for cacheability. + icon_redirect_code: u32, true, def, 307; /// Positive icon cache expiry |> Number of seconds to consider that an already cached icon is fresh. After this period, the icon will be redownloaded icon_cache_ttl: u64, true, def, 2_592_000; /// Negative icon cache expiry |> Number of seconds before trying to download an icon that failed again. @@ -693,6 +698,12 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { } } + // Check if the icon redirect code is valid + match cfg.icon_redirect_code { + 307 | 308 => (), + _ => err!("Only HTTP 307/308 redirects are supported"), + } + Ok(()) }