Add config option to set the HTTP redirect code for external icons

The default code is 307 (temporary) to make it easier to test different icon services, but once a service has been decided on, users should ideally switch to using permanent redirects for cacheability.
3 years ago · b7eedbcddc
3 changed files with 28 additions and 3 deletions
--- a/.env.template
+++ b/.env.template
@ -135,13 +135,20 @@
 ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
 ##
 ## `internal` refers to Vaultwarden's built-in icon fetching implementation.
-## If an external service is set, an icon request to Vaultwarden will return an HTTP 307
+## If an external service is set, an icon request to Vaultwarden will return an HTTP
 ## redirect to the corresponding icon at the external service. An external service may
 ## be useful if your Vaultwarden instance has no external network connectivity, or if
 ## you are concerned that someone may probe your instance to try to detect whether icons
 ## for certain sites have been cached.
 # ICON_SERVICE=internal

+## Icon redirect code
+## The HTTP status code to use for redirects to an external icon service.
+## The supported codes are 307 (temporary) and 308 (permanent).
+## Temporary redirects are useful while testing different icon services, but once a service
+## has been decided on, consider using permanent redirects for cacheability.
+# ICON_REDIRECT_CODE=307
+
 ## Disable icon downloading
 ## Set to true to disable icon downloading in the internal icon service.
 ## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external
--- a/src/api/icons.rs
+++ b/src/api/icons.rs
@ -71,7 +71,14 @@ fn icon_redirect(domain: &str, template: &str) -> Option<Redirect> {
    }

    let url = template.replace("{}", domain);
-    Some(Redirect::temporary(url))
+    match CONFIG.icon_redirect_code() {
+        308 => Some(Redirect::permanent(url)),
+        307 => Some(Redirect::temporary(url)),
+        _ => {
+            error!("Unexpected redirect code {}", CONFIG.icon_redirect_code());
+            None
+        }
+    }
 }

 #[get("/<domain>/icon.png")]
--- a/src/config.rs
+++ b/src/config.rs
@ -454,9 +454,14 @@ make_config! {
        /// To specify a custom icon service, set a URL template with exactly one instance of `{}`,
        /// which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
        /// `internal` refers to Vaultwarden's built-in icon fetching implementation. If an external
-        /// service is set, an icon request to Vaultwarden will return an HTTP 307 redirect to the
+        /// service is set, an icon request to Vaultwarden will return an HTTP redirect to the
        /// corresponding icon at the external service.
        icon_service:           String, false,  def,    "internal".to_string();
+        /// Icon redirect code |> The HTTP status code to use for redirects to an external icon service.
+        /// The supported codes are 307 (temporary) and 308 (permanent).
+        /// Temporary redirects are useful while testing different icon services, but once a service
+        /// has been decided on, consider using permanent redirects for cacheability.
+        icon_redirect_code:     u32,    true,   def,    307;
        /// Positive icon cache expiry |> Number of seconds to consider that an already cached icon is fresh. After this period, the icon will be redownloaded
        icon_cache_ttl:         u64,    true,   def,    2_592_000;
        /// Negative icon cache expiry |> Number of seconds before trying to download an icon that failed again.
@ -693,6 +698,12 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
        }
    }

+    // Check if the icon redirect code is valid
+    match cfg.icon_redirect_code {
+        307 | 308 => (),
+        _ => err!("Only HTTP 307/308 redirects are supported"),
+    }
+
    Ok(())
 }