commit 72cffaf4405682d76e52dddfce57137b4a9cd395
author Remi Tricot-Le Breton <rlebreton@haproxy.com> Thu Dec 03 18:19:31 2020 +0100
committer William Lallemand <wlallemand@haproxy.org> Fri Dec 04 10:21:56 2020 +0100
tree 9f0ed623f010de4d9ca8f54d74f67ddd57ba323c
parent fcea374fdfbba5af12349905dd45ae812a36284a

MEDIUM: cache: Remove cache entry in case of POST on the same resource

In case of successful unsafe method on a stored resource, the cached entry
must be invalidated (see RFC7234#4.4).
A "non-error response" is one with a 2xx (Successful) or 3xx (Redirection)
status code.
This implies that the primary hash must now be calculated on requests
that have an unsafe method (POST or PUT for instance) so that we can
disable the corresponding entries when we process the response.

src/cache.c

diff --git a/src/cache.c b/src/cache.c
index 59a590c..e0560e5 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -753,8 +753,34 @@
 		goto out;
 
 	/* cache only GET method */
-	if (txn->meth != HTTP_METH_GET)
+	if (txn->meth != HTTP_METH_GET) {
+		/* In case of successful unsafe method on a stored resource, the
+		 * cached entry must be invalidated (see RFC7234#4.4).
+		 * A "non-error response" is one with a 2xx (Successful) or 3xx
+		 * (Redirection) status code. */
+		if (txn->status >= 200 && txn->status < 400) {
+			switch (txn->meth) {
+			case HTTP_METH_OPTIONS:
+			case HTTP_METH_GET:
+			case HTTP_METH_HEAD:
+			case HTTP_METH_TRACE:
+				break;
+
+			default: /* Any unsafe method */
+				/* Discard any corresponding entry in case of sucessful
+				 * unsafe request (such as PUT, POST or DELETE). */
+				shctx_lock(shctx);
+
+				old = entry_exist(cconf->c.cache, txn->cache_hash);
+				if (old) {
+					eb32_delete(&old->eb);
+					old->eb.key = 0;
+				}
+				shctx_unlock(shctx);
+			}
+		}
 		goto out;
+	}
 
 	/* cache key was not computed */
 	if (!key)
@@ -1329,15 +1355,6 @@
 	trash = get_trash_chunk();
 	ctx.blk = NULL;
 
-	switch (txn->meth) {
-	case HTTP_METH_HEAD:
-	case HTTP_METH_GET:
-		chunk_memcat(trash, "GET", 3);
-		break;
-	default:
-		return 0;
-	}
-
 	sl = http_get_stline(htx);
 	uri = htx_sl_req_uri(sl); // whole uri
 	if (!uri.len)
@@ -1475,10 +1492,14 @@
 
 	http_check_request_for_cacheability(s, &s->req);
 
-	if ((s->txn->flags & (TX_CACHE_IGNORE|TX_CACHEABLE)) == TX_CACHE_IGNORE)
+	/* The request's hash has to be calculated for all requests, even POSTs
+	 * or PUTs for instance because RFC7234 specifies that a sucessful
+	 * "unsafe" method on a stored resource must invalidate it
+	 * (see RFC7234#4.4). */
+	if (!sha1_hosturi(s))
 		return ACT_RET_CONT;
 
-	if (!sha1_hosturi(s))
+	if ((s->txn->flags & (TX_CACHE_IGNORE|TX_CACHEABLE)) == TX_CACHE_IGNORE)
 		return ACT_RET_CONT;
 
 	if (s->txn->flags & TX_CACHE_IGNORE)