Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 24ea0bcb1d56ae0c99ed09273c556b0cee28e77e^! / .
commit24ea0bcb1d56ae0c99ed09273c556b0cee28e77e[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Dec 21 11:32:55 2017 +0100
committerWilly Tarreau <w@1wt.eu>Fri Dec 22 14:43:26 2017 +0100
tree3e28fcc0c23a6bf12a6645afe0913bd0fbe3302d
parentfe7456f3b78ca1721d7f10d9df073ed8174f83c0 [diff]
MINOR: http: adjust the list of supposedly cacheable methods

We used to have a rule inherited from RFC2616 saying that the POST
method was the only uncacheable one, but things have changed since
and RFC7231+7234 made it clear that in fact only GET/HEAD/OPTIONS/TRACE
are cacheable. Currently this rule is only used to detect cacheable
cookies.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 87fc567..a4b3652 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -5440,8 +5440,9 @@
     - all those without "Set-Cookie" header ;
     - all those with a return code other than 200, 203, 206, 300, 301, 410,
       provided that the server has not set a "Cache-control: public" header ;
-    - all those that come from a POST request, provided that the server has not
-      set a 'Cache-Control: public' header ;
+    - all those that result from a request using a method other than GET, HEAD,
+      OPTIONS, TRACE, provided that the server has not set a 'Cache-Control:
+      public' header field ;
     - those with a 'Pragma: no-cache' header
     - those with a 'Cache-control: private' header
     - those with a 'Cache-control: no-store' header

diff --git a/src/proto_http.c b/src/proto_http.c
index c226d37..ebc72c9 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c

@@ -5398,12 +5398,23 @@
 		 *    by a cache (...) unless a cache-control
 		 *    directive prohibits caching."
 		 *
-		 * RFC2616 @9.5: POST method :
-		 *   "Responses to this method are not cacheable,
-		 *    unless the response includes appropriate
-		 *    Cache-Control or Expires header fields."
+		 * RFC7234#4:
+		 *   A cache MUST write through requests with methods
+		 *   that are unsafe (Section 4.2.1 of [RFC7231]) to
+		 *   the origin server; i.e., a cache is not allowed
+		 *   to generate a reply to such a request before
+		 *   having forwarded the request and having received
+		 *   a corresponding response.
+		 *
+		 * RFC7231#4.2.1:
+		 *   Of the request methods defined by this
+		 *   specification, the GET, HEAD, OPTIONS, and TRACE
+		 *   methods are defined to be safe.
 		 */
-		if (likely(txn->meth != HTTP_METH_POST) &&
+		if (likely(txn->meth == HTTP_METH_GET ||
+		           txn->meth == HTTP_METH_HEAD ||
+		           txn->meth == HTTP_METH_OPTIONS ||
+		           txn->meth == HTTP_METH_TRACE) &&
 		    ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
 			txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
 		break;