From b88de1e3171d66de9003b9e13a4f060aa060766e Mon Sep 17 00:00:00 2001 From: olavmrk Date: Thu, 13 Feb 2014 09:05:21 +0000 Subject: Simplify cache disabling headers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch changes the headers sent to prevent errornous caching of the responses sent to only use a single header: Cache-Control: private, must-revalidate This single header should ensure that the data isn't shared between multiple users, and that the browser checks that the content is still valid for each request (enabling logout to work as expected). This drops the Exires-header, which should be unnecessary since all modern browsers support the Cache-Control-header. Thanks to Arthur Müller for providing this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@223 a716ebb1-153a-0410-b759-cfb97c6a1b53
---
auth_mellon.h | 2 +- auth_mellon_handler.c | 4 ++-- auth_mellon_util.c | 32 ++++++++++---------------------- 3 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/auth_mellon.h b/auth_mellon.h
index e192850..f99cf6f 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -342,7 +342,7 @@ void am_delete_request_session(request_rec *r, am_cache_entry_t *session);
 char *am_reconstruct_url(request_rec *r);
 int am_check_permissions(request_rec *r, am_cache_entry_t *session);
-void am_set_nocache(request_rec *r);
+void am_set_cache_control_headers(request_rec *r);
 int am_read_post_data(request_rec *r, char **data, apr_size_t *length);
 char *am_extract_query_parameter(apr_pool_t *pool,
 const char *query_string,
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index e471bdc..f93ba6e 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -3168,8 +3168,8 @@ int am_auth_mellon_user(request_rec *r)
 return DECLINED;
 }
- /* Disable all caching within this location. */
- am_set_nocache(r);
+ /* Set defaut Cache-Control headers within this location */
+ am_set_cache_control_headers(r);
 /* Check if this is a request for one of our endpoints. We check if
 * the uri starts with the path set with the MellonEndpointPath
diff --git a/auth_mellon_util.c b/auth_mellon_util.c
index c383d54..ad9e90a 100644
--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
@@ -391,9 +391,7 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session)
 return OK;
 }
-
-/* This function disables caching of the response to this request. It does
- * this by setting the Pragme: no-cache and Cache-Control: no-cache headers.
+/* This function sets default Cache-Control headers.
 *
 * Parameters:
 * request_rec *r The request we are handling.
@@ -401,31 +399,21 @@ int am_check_permissions(request_rec *r, am_cache_entry_t *session)
 * Returns:
 * Nothing.
 */
-void am_set_nocache(request_rec *r)
+void am_set_cache_control_headers(request_rec *r)
 {
- const char *user_agent;
-
- /* Setting the headers inn err_headers_out ensures that they will be
+ /* Send Cache-Control header to ensure that:
+ * - no proxy in the path caches content inside this location (private),
+ * - user agent have to revalidate content on server (must-revalidate).
+ *
+ * But never prohibit specifically any user agent to cache or store content
+ *
+ * Setting the headers in err_headers_out ensures that they will be
 * sent for all responses.
 */
 apr_table_setn(r->err_headers_out,
- "Expires", "Thu, 01 Jan 1970 00:00:00 GMT");
- apr_table_setn(r->err_headers_out,
- "Cache-Control", "private, must-revalidate");
-
- /*
- * Never use Cache-Control: no-cache for IE
- */
- user_agent = apr_table_get(r->headers_in, "User-Agent");
- if ((user_agent == NULL) ||
- (strstr(user_agent, "compatible; MSIE ") == NULL) ||
- (strstr(user_agent, "Opera") != NULL)) {
- apr_table_addn(r->err_headers_out,
- "Cache-Control", "no-cache, no-store");
- }
+ "Cache-Control", "private, must-revalidate");
 }
-
 /* This function reads the post data for a request.
 *
 * The data is stored in a buffer allocated from the request pool.
-- cgit
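Review bot: `must-revalidate` in the new `apr_table_setn` call only constrains a cache once the stored response has become stale, and with the `Expires` header removed nothing in `am_set_cache_control_headers` marks the response as stale. A browser may therefore apply a heuristic freshness lifetime (for instance when the backend sends `Last-Modified`) and show a protected page again after logout without contacting the server, which is the case the commit message says is covered. Keeping the single header but giving it an explicit zero lifetime would close that gap: `"Cache-Control", "private, max-age=0, must-revalidate");`. Dropping `no-store` for every user agent also means authenticated content can now be written to the browser's on-disk cache, so the comment should spell out that trade-off for shared workstations instead of only saying `But never prohibit specifically any user agent to cache or store content`.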