possible fix for #1705

src/server/handlers/security-handler.ts

@@ -5,12 +5,8 @@ export default async ({ res }: { res: Response }) => {
 
   res.send(
     `Contact: mailto:security@lemmy.ml
-  Contact: mailto:admin@` +
+     Contact: mailto:admin@${process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST}
-      process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST +
+     Contact: mailto:security@${process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST}
-      `
-  Contact: mailto:security@` +
-      process.env.LEMMY_UI_LEMMY_EXTERNAL_HOST +
-      `
      Expires: 2024-01-01T04:59:00.000Z
   `
   );

src/server/middleware.ts

@@ -18,7 +18,7 @@ export function setDefaultCsp({
 
 // Set cache-control headers. If user is logged in, set `private` to prevent storing data in
 // shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
-// all responses for 60 seconds to reduce load on backend and database. The specific cache
+// all responses for 5 seconds to reduce load on backend and database. The specific cache
 // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
 //
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
@@ -31,11 +31,13 @@ export function setCacheControl({
 }) {
   const user = UserService.Instance;
   let caching: string;
+
   if (user.auth()) {
     caching = "private";
   } else {
-    caching = "public, max-age=60";
+    caching = "public, max-age=5";
   }
+
   res.setHeader("Cache-Control", caching);
 
   next();