Rules Hub

Coding Rules Library

← Back to all rules

Rule priority, scope & exceptions

Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).

PriorityP0 — correctness, security, data loss, prod-impactingScopeUniversal — language-agnostic, broadly applicable

Exceptions / tradeoffs (EN)Iznimke / tradeoffi (HR)

backend ruleP0universalStack: node

cachingsecurityhttpprivacy

Never mark user-specific responses as publicly cacheable

Do not set Cache-Control: public on responses that vary by user; a shared cache (CDN/proxy) will serve one user's data to everyone unless the response varies by a user-specific key.

PR: hegnar-user-ws · org-mining-2026-06Created: Jun 17, 2026

Bad example

Old codetypescript

1	`// Per-user endpoint marked public — CDN/varnish caches it once and serves it to all users`
2	`@Header('Cache-Control', 'max-age=10, public')`
3	`getMyWatchlist(@ReqUser() user) { /* ... */ }`

Explanation (EN)

Objašnjenje (HR)

Good example

New codetypescript

1	`// Keep user-scoped responses private to the browser cache`
2	`@Header('Cache-Control', 'max-age=10, private')`
3	`getMyWatchlist(@ReqUser() user) { /* ... */ }`
4	`// If a shared cache is required, Vary on the user identity (session/userId) header.`

Explanation (EN)

Objašnjenje (HR)

Login required