
[HttpKernel] Fix that no-cache MUST revalidate with the origin #35304


Merged
merged 1 commit into from
Jan 11, 2020



@mpdude mpdude commented Jan 10, 2020

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       |
| License       | MIT
| Doc PR        |

From RFC 7234 Section 5.2.2

> The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.

This is unconditional – the response must be revalidated right away.

(must-revalidate, to the contrary, requires revalidation only once the response has become stale.)

@mpdude mpdude changed the title Fix that no-cache MUST revalidate with the origin [HttpKernel] Fix that no-cache MUST revalidate with the origin Jan 10, 2020
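
The distinction drawn in the PR description above, as an added example that is not part of the pull request or of Symfony's code: a stand-alone PHP decision function for a shared cache, showing that `no-cache` forces revalidation even while the response is fresh, whereas `must-revalidate` only matters once it is stale. The function names are hypothetical, freshness is assumed to come only from `s-maxage`/`max-age`, and the sample headers are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Symfony's HttpCache API.

// Parse a Cache-Control value into [directive => value or true]; quoted
// values such as no-cache="Set-Cookie, X-Trace" are kept in one piece.
function parseCacheControl(string $header): array
{
    $pattern = '/([a-z][a-z0-9_-]*)(?:\s*=\s*(?:"([^"]*)"|([^,\s]+)))?/i';
    preg_match_all($pattern, $header, $matches, PREG_SET_ORDER);
    $directives = [];
    foreach ($matches as $m) {
        $directives[strtolower($m[1])] = $m[3] ?? $m[2] ?? true;
    }
    return $directives;
}

// Freshness lifetime in seconds for a shared cache: s-maxage wins over max-age.
function freshnessLifetime(array $cc): int
{
    foreach (['s-maxage', 'max-age'] as $name) {
        if (isset($cc[$name]) && is_string($cc[$name]) && ctype_digit($cc[$name])) {
            return (int) $cc[$name];
        }
    }
    return 0; // no explicit lifetime: treat as immediately stale
}

// Decide what the cache may do with a stored response of the given age.
function cacheDecision(string $cacheControl, int $ageSeconds): string
{
    $cc = parseCacheControl($cacheControl);
    // no-cache is unconditional: freshness is never consulted. The qualified
    // form (no-cache="field") is handled the same way, the conservative choice.
    if (isset($cc['no-cache'])) {
        return 'revalidate';
    }
    // Everything else, must-revalidate included, only applies once stale.
    return $ageSeconds < freshnessLifetime($cc) ? 'serve' : 'revalidate';
}

// Constructed sample headers; every stored response is 10 seconds old.
foreach (['max-age=60', 'max-age=60, must-revalidate', 'max-age=60, no-cache',
          'no-cache="Set-Cookie, X-Trace", s-maxage=300', 'max-age=5, must-revalidate'] as $h) {
    printf("%-46s => %s\n", $h, cacheDecision($h, 10));
}
```

A cache that consulted only freshness would serve the third and fourth samples from storage without contacting the origin, which is the case the RFC text quoted above forbids.
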

fabpot commented Jan 11, 2020

Thank you @mpdude.

fabpot added a commit that referenced this pull request Jan 11, 2020
…igin (mpdude)

This PR was merged into the 3.4 branch.

Discussion
----------

[HttpKernel] Fix that no-cache MUST revalidate with the origin

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       |
| License       | MIT
| Doc PR        |

From [RFC 7234 Section 5.2.2](https://tools.ietf.org/html/rfc7234#section-5.2.2)

> The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server.  This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.

This is unconditional – the response must be revalidated right away.

(`must-revalidate`, to the contrary, requires revalidation only once the response has become stale.)

Commits
-------

c8bdcb3 Fix that no-cache requires positive validation with the origin, even for fresh responses
@fabpot fabpot merged commit c8bdcb3 into symfony:3.4 Jan 11, 2020
@mpdude mpdude deleted the no-cache-must-validate-even-if-fresh branch January 11, 2020 08:34