Duplicate Cache-Control headers for static assets

[Nathan Fisher]

Hello,

I think I've encountered an issue with the way Cache-Control headers are handled for static assets.

Below are the "Steps to reproduce", "Expected result", and "Actual result".

Steps to reproduce

-------------------------

1. Create a static asset entry in app.yaml:

```

runtime: go

api_version: go1

default_expiration: "1h" # 3600s

- url: /

  static_files: public/index.html

  upload: public/index.html

  mime_type: text/html; charset=UTF-8

  secure: always

  http_headers:

    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Cache-Control: no-cache

    Content-Security-Policy: default-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; img-src 'self'; script-src 'self';

    Referrer-Policy: same-origin

    X-Content-Type-Options: nosniff

    X-Frame-Options: deny

    X-Permitted-Cross-Domain-Policies: none

    X-XSS-Protection: 1; mode=block

    Link: <https://fonts.gstatic.com>; rel=preconnect

```

2. Deploy to App Engine.

3. Request / URL for custom domain.

Expected Result

----------------------

```

Cache-Control: no-cache

```

Actual Result

------------------

```

Cache-Control: public, max-age=3600

Cache-Control: no-cache

```

[Nathan Fisher]

I've posted into the issue tracker as well. Not 100% certain if this will be considered a defect but it seems like it probably should be.

[Taher (Cloud Platform Support)]

Hi Nathan,

As you have already raised an issue in our public issue tracker, I would suggest you get the update on your opened issue from there.