Avatar cache expiry headers are too aggressive
This change, https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9453, from a year ago, forces all uploads to be revalidated on each request.
This approach has several failings, particularly since we are now using a CDN, and the CDN is being told to not cache uploaded content.
This is incredibly ineffiecent. At the very least, we should be:
- Caching the images for at least a few minutes - worst case is you have to live with the old avatar for a few minutes
- Ideally, adding a cache-buster to the URL, which changes when the avatar changes forcing an invalidation immediately
- The avatar should not be set as private, as this forces the CDN to not cache the image. Even if we use revalidation, this cannot happen since the CDN has no content to revalidate.
Additionally, these headers are preventing the Fastly image resizer from working and therefore blocking https://gitlab.com/gitlab-org/gitlab-ce/issues/48397