55547 – mod_cache strips the non-cacheable headers from a response 304 (Not That Stale)

Bug 55547 - mod_cache strips the non-cacheable headers from a response 304 (Not That Stale)

Summary: mod_cache strips the non-cacheable headers from a response 304 (Not That Stale)

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_cache (show other bugs)
Version:	2.4-HEAD
Hardware:	All All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	FixedInTrunk

Depends on:
Blocks:

Reported:	2013-09-11 17:18 UTC by Yann Ylavic
Modified:	2014-08-18 07:39 UTC (History)
CC List:	2 users (show)

Attachments
Don't strip the non-cacheable headers from a validated 304 response (1.11 KB, patch) 2013-09-11 17:18 UTC, Yann Ylavic	Details \| Diff
Fix headers forwarded from/as an origin 304 response (2.89 KB, patch) 2013-09-12 09:39 UTC, Yann Ylavic	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yann Ylavic 2013-09-11 17:18:25 UTC

Created attachment 30817 [details]
Don't strip the non-cacheable headers from a validated 304 response

When mod_cache asks for a revalidation of a stale entry and the origin responds with a 304 (not that stale), the module strips the non-cacheable headers from the origin response and merges the stale headers to update the cache (before store_headers).

The problem is that mod_cache won't forward the non-cacheable headers to the client, for example if the 304 response contains both Set-Cookie and 'Cache-Control: no-cache="Set-Cookie"' headers.

The issue was already stated in bug 54706, comment 3, although not related to the changes made there (before the Cache-Control no-cache=/no-store= handling, the bug could arise using the CacheIgnoreHeaders directive, and still can), hence the comment was not taken into account.

I also proposed to compute the cacheable headers once in bug 54706, comment 9, and fix this issue together by maintaining the cacheable/response headers separatly, but this is surely an overkill patch (reintroducing the request_config in mod_cache to preserve the API) for the only purpose of this issue.

Finally a simple patch can do the job, and is attached here.

Comment 1 Yann Ylavic 2013-09-12 09:39:58 UTC

Created attachment 30823 [details]
Fix headers forwarded from/as an origin 304 response

In the same case, when the conditional request meets the conditions of the stale then revalidated entry, the forwarded 304 response includes the entity headers merged from the cached headers before updating the entry.

This new patch does the same as the previous one but also stips the spurious entity headers on forwarded 304 responses.

Note that since the entity headers are stripped elsewhere (line 1167, about 304 response as well and sections 10.3.3/10.3.5 of the RFC2616), the code has been moved to a function; and the missing headers "Expires" and "Content-Location" added to the list (the same list in server/protocol.c line 1225 includes them, should it not be an ap_ function to do that?).

Comment 2 Yann Ylavic 2013-09-18 21:01:53 UTC

Any news here ?

Currently the Set-Cookie of a 304 response from the origin server is stripped.

Regards.

Comment 3 Yann Ylavic 2013-09-18 21:05:44 UTC

> Currently the Set-Cookie of a 304 response from the origin server is stripped.
Only with Cache-Control: no-cache="Set-Cookie" or alike, of course.

Comment 4 Christophe JAILLET 2014-08-18 07:39:46 UTC

Fixed and released in 2.4.10