HttpCache does not consider ESI resources in HEAD requests #24243
Conversation
| @@ -1133,7 +1133,7 @@ public function testEsiCacheSendsTheLowestTtl() | |||
| array( | |||
| 'status' => 200, | |||
| 'body' => 'Hello World!', | |||
| 'headers' => array('Cache-Control' => 's-maxage=300'), | |||
| 'headers' => array('Cache-Control' => 's-maxage=200'), | |||
There was a problem hiding this comment.
Using a different maxage here so one can better tell the three responses apart.
| @@ -1147,8 +1147,33 @@ public function testEsiCacheSendsTheLowestTtl() | |||
| $this->request('GET', '/', array(), array(), true); | |||
| $this->assertEquals('Hello World! My name is Bobby.', $this->response->getContent()); | |||
|
|
|||
| // check for 100 or 99 as the test can be executed after a second change | |||
| $this->assertTrue(in_array($this->response->getTtl(), array(99, 100))); | |||
There was a problem hiding this comment.
We probably don't need this workaround anymore since we've got clock mocking (agree @nicolas-grekas?)
| @@ -1192,7 +1248,6 @@ public function testEsiRecalculateContentLengthHeader() | |||
| 'body' => '<esi:include src="/foo" />', | |||
| 'headers' => array( | |||
| 'Content-Length' => 26, | |||
| 'Cache-Control' => 's-maxage=300', | |||
There was a problem hiding this comment.
Removed as it is not relevant for this test case
| @@ -633,14 +633,6 @@ protected function store(Request $request, Response $response) | |||
| */ | |||
| private function restoreResponseBody(Request $request, Response $response) | |||
| { | |||
| if ($request->isMethod('HEAD') || 304 === $response->getStatusCode()) { | |||
There was a problem hiding this comment.
The 304 === ... part was added a long long time ago in #1413, seemingly not covered by tests.
I think it can safely be removed because $response is the response taken from the cache, which cannot be a 304.
| // Response does not include possibly dynamic content (ESI, SSI), so we need | ||
| // not handle the content for HEAD requests | ||
| if (!$request->isMethod('HEAD')) { | ||
| $response->setContent(file_get_contents($response->headers->get('X-Body-File'))); |
There was a problem hiding this comment.
This tries to keep part of the performance optimization removed above – if X-Body-File is intended to mark responses that do not contain dynamic content like ESI/SSI...?
|
@fabpot The license header in the |
|
@mpdude No, just keep it like it is. |
|
But doesn't this now always violate the "The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response." part? |
|
@xabbuh – not sure what you mean. That no body should be returned? There's code elsewhere (can figure it out if you like) that will remove the body for Does that answer your question? |
|
Thank you @mpdude. |
… (mpdude) This PR was squashed before being merged into the 2.7 branch (closes #24243). Discussion ---------- HttpCache does not consider ESI resources in HEAD requests | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | Due to this shortcut: https://github.com/symfony/symfony/blob/3b42d8859ea98fdd17012e21f774f55d33cccc3f/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php#L634-L642 ... the `HttpCache` never looks at the response body for `HEAD` requests. This makes it completely miss ESI-related tweaks like computing the correct TTL, removing validation headers or updating the `Content-Length`. From RFC2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4): > The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. Although it says "SHOULD", I think it can be misleading at best when HEAD requests do, for example, return different (greater) `s-maxage` values than a corresponding GET request. Commits ------- 4dd0e53 HttpCache does not consider ESI resources in HEAD requests
Due to this shortcut:
symfony/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines 634 to 642 in 3b42d88
... the
HttpCachenever looks at the response body forHEADrequests. This makes it completely miss ESI-related tweaks like computing the correct TTL, removing validation headers or updating theContent-Length.From RFC2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4):
Although it says "SHOULD", I think it can be misleading at best when HEAD requests do, for example, return different (greater)
s-maxagevalues than a corresponding GET request.