Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8a16fe0d053b93c00a8bcf86159135f98ca1377e
commit8a16fe0d053b93c00a8bcf86159135f98ca1377e[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Tue May 22 11:04:33 2018 +0200
committerWilly Tarreau <w@1wt.eu>Wed May 23 10:36:44 2018 +0200
treef636465e1aaa8f10ef2345eec0f20985b001f25e
parentd5b073cf1fd455ee2613782fe1336690736f80e6 [diff]
BUG/MEDIUM: cache: don't cache when an Authorization header is present

RFC 7234 says:

A cache MUST NOT store a response to any request, unless:
[...] the Authorization header field (see Section 4.2 of [RFC7235]) does
      not appear in the request, if the cache is shared, unless the
      response explicitly allows it (see Section 3.2), [...]

In this patch we completely disable the cache upon the receipt of an
Authorization header in the request. In this case it's not possible to
either use the cache or store into the cache anymore.

Thanks to Adam Eijdenberg of Digital Transformation Agency for raising
this issue.

This patch must be backported to 1.8.
2 files changed
tree: f636465e1aaa8f10ef2345eec0f20985b001f25e
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. scripts/
  7. src/
  8. tests/
  9. .gitignore
  10. CHANGELOG
  11. CONTRIBUTING
  12. LICENSE
  13. MAINTAINERS
  14. Makefile
  15. README
  16. ROADMAP
  17. SUBVERS
  18. VERDATE
  19. VERSION