Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
Fix that ESI/SSI processing can turn a "private" response "public"#26643
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
ContributorAuthor
mpdude commentedMar 22, 2018
Ping@aschempp – you wrapped your head around the |
Contributor
aschempp commentedMar 23, 2018
The fix looks somewhat correct to me, according to the PR title. However, the correct solution would be to make the final response private (and not non-cacheable). But I guess you're aware of that and this PR is to disable caching in favor of incorrect caching. |
ContributorAuthor
mpdude commentedApr 11, 2018
@nicolas-grekas The appveyor test failed at Is that a known spurious test? |
nicolas-grekas approved these changesApr 14, 2018
fabpot approved these changesApr 16, 2018
Member
fabpot commentedApr 16, 2018
Thank you@mpdude. |
fabpot added a commit that referenced this pull requestApr 16, 2018
…"public" (mpdude)This PR was squashed before being merged into the 2.7 branch (closes#26643).Discussion----------Fix that ESI/SSI processing can turn a "private" response "public"| Q | A| ------------- | ---| Branch? | 2.7| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets || License | MIT| Doc PR |Under the condition that* we are merging in at least one *embedded* response,* all *embedded* responses are `public`,* the *main* response is `private` and* all responses use expiration-based caching (note: no `s-maxage` on the *main* response)... the resulting response will turn to `Cache-Control: public`.The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on the *main* response using `Response::setSharedMaxAge()`, which implicitly sets `Cache-Control: public`.The fix provided in this PR solves the problem by applying the same logic to the *main* response that is applied for *embedded* responses, namely that responses with `!Response::isCacheable()` will make the resulting response have `Cache-Control: private, no-cache, must-revalidate` and have `(s)max-age` removed.This makes the change easy to understand, but makes responses uncacheable too often. This is because the `Response::isCacheable()` method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as a `private` response is involved. This might be improved upon in another PR.Commits-------3d27b59 Fix that ESI/SSI processing can turn a \"private\" response \"public\"
This was referencedApr 27, 2018
Merged
Merged
Merged
Merged
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Under the condition that
public,privateands-maxageon themain response)... the resulting response will turn to
Cache-Control: public.The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on themain response using
Response::setSharedMaxAge(), which implicitly setsCache-Control: public.The fix provided in this PR solves the problem by applying the same logic to themain response that is applied forembedded responses, namely that responses with
!Response::isCacheable()will make the resulting response haveCache-Control: private, no-cache, must-revalidateand have(s)max-ageremoved.This makes the change easy to understand, but makes responses uncacheable too often. This is because the
Response::isCacheable()method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as aprivateresponse is involved. This might be improved upon in another PR.