Responses are cached with max-age=10800 #24690
Comments
|
Are you sure that you just do not have a listener which adds the |
|
Well, the issue is present on authenticated requests too, so I doubt that's the problem. |
|
Fixed in #24691 |
|
Okay, after applying #24691, the header is P.S. Sorry for not specifying before that the response was also |
|
304 can only happen when doing conditional validation, which means something is responding (what?) based on a header sent by your browser (If-Modified-Since of If-Match). Please check on your side. |
|
@nicolas-grekas I will dig deeper tomorrow to try and find why 304 happens, but the fact is that before #24523, response was |
|
Okay, I think that it might be Apache who sends 304 back to the browser, as I've done tests with Symfony's built in server and no 304 appears. However, before #24523, response from Symfony was: and after: and then after #24691: If Apache is indeed responsible for 304, duplicated |
|
What might happen is that Apache generates an ETag header now due to the presence of the max-age directive. (Just a guess. I wouldn't know why it should be based on that) |
|
Although multiple I can provide HAR files for requests and responses if that would help. In any case, I'm not sure if it is okay to have a |
|
whether the no-cache directive is there or not, should not make a difference. max-age=0 should mean the same as an expires header in the past. no-cache would just say, the client needs to revalidate. but that is the case anyway due to max-age=0. no-cache just ensures stale responses are not used as well. but that is not the case anyway since you receive a 304. so to me #24691 fixes the problem and 304 is not a problem. and if you don't want to support conditional get, you can just configure your server or add a no-store cache control yourself to the response. |
…olas-grekas) This PR was merged into the 3.4 branch. Discussion ---------- [HttpFoundation] Fix caching of session-enabled pages | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #24690 | License | MIT | Doc PR | - Commits ------- 572e02c [HttpFoundation] Fix caching of session-enabled pages
|
@Tobion If you say so :) But just to be clear, I experienced this on a developer machine where I have Apache installed with a default configuration, so the chances that many developers run into this is high I'd say. Receiving 304 instead of 200 all of a sudden because of the different caching headers could potentially be considered a BC break in my opinion. |
|
What functionality breaks? The page still works doesn't it? The only "break" is when you use functional tests and assert response status 200. But there you don't get a 304 because you don't send conditional gets in functional tests. |
|
I was thinking more about the infrastructure if it expects to receive 200 and now starts receiving 304. This is just a wild guess, nothing more. If you say it's a non issue, who am I to argue :) |
|
Sorry for being a pain, but I've played around with my site with this fix, and sorry to say, but browser still caches my responses in the backend of my custom app, when I'm fully authenticated. I realize that this is not necessarily Symfony's fault, but many users will not know the difference and will have their apps broken and blame Symfony. |
Since upgrading to Symfony 3.4.0-BETA1 fom 3.3.10, suddenly all responses started receiving
Cache-Controlheader withprivate, max-age=10800, no-cache, privatevalue and a response code304 Not Modified, which means that responses are cached in browsers for 3 hours and only hard reload withCtrl+RorShift+Rrefreshes the page from backend.git bisectsays that the culprit is #24523. And indeed, reverting the commit in that PR fixes the issue for me, meaningCache-Controlheader is back tono-cache, privateand the response is200 OK.The text was updated successfully, but these errors were encountered: