Index: modules/cache/mod_cache.c =================================================================== --- modules/cache/mod_cache.c (Revision 687129) +++ modules/cache/mod_cache.c (Arbeitskopie) @@ -56,9 +56,14 @@ apr_bucket_brigade *out; ap_filter_t *next; ap_filter_rec_t *cache_out_handle; + int remove_due_to_method = 0; + if ((r->method_number == M_POST) || (r->method_number == M_PUT) || + (r->method_number == M_DELETE)) { + remove_due_to_method = 1; + } /* Delay initialization until we know we are handling a GET */ - if (r->method_number != M_GET) { + else if (r->method_number != M_GET) { return DECLINED; } @@ -92,8 +97,17 @@ /* First things first - does the request allow us to return * cached information at all? If not, just decline the request. + * If remove_due_to_method is set we have a POST, DELETE or PUT + * request on the resource which according to RFC2616 13.1 causes + * a possible existing cached resource to be invalided and + * ejected from the cache. It is perfectly possible that POST, DELETE or + * PUT on this resource is protected while a GET on this resource that + * caused the resource to be cached is not. So we should not DECLINE here. + * If remove_due_to_method is set it is guaranteed anyway that we DECLINE + * later, but we need to have cache_select run before to be able to + * eject the cached resource from the cache. */ - if (auth) { + if (auth && !remove_due_to_method) { return DECLINED; } @@ -108,6 +122,16 @@ * return OK */ rv = cache_select(r); + /* + * Eject a possible cached resource from cache if handle a POST, DELETE or PUT + * on this resource. + * Note: cache_remove_url can handle the case when no cached resource + * was found by cache_select. + */ + if (remove_due_to_method) { + cache_remove_url(cache, r->pool); + return DECLINED; + } if (rv != OK) { if (rv == DECLINED) { if (!lookup) {