[HttpKernel] AbstractSessionListener should not override the cache lifetime for private responses #48651
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
It looks like you unchecked the "Allow edits from maintainer" box. That is fine, but please note that if you have multiple commits, you'll need to squash your commits into one before this can be merged. Or, you can check the "Allow edits from maintainers" box and the maintainer can squash for you. Cheers! Carsonbot |
| @@ -200,10 +200,14 @@ public function onKernelResponse(ResponseEvent $event) | |||
| } | |||
|
|
|||
| if ($autoCacheControl) { | |||
| $maxAge = 0; | |||
| if (!$response->headers->hasCacheControlDirective('public') && (bool) $response->getMaxAge()) { | |||
There was a problem hiding this comment.
I'd suggest this CS instead:
if ($autoCacheControl) {
+ $maxAge = $response->headers->hasCacheControlDirective('public') ? 0 : (int) $response->getMaxAge();
$response
- ->setExpires(new \DateTime())
+ ->setExpires(new \DateTimeImmutable('+'.$maxAge.' seconds'))But LGTM otherwise thanks!
(please allow edits from maintainers, that makes it easier to deal with contributions on our side)
There was a problem hiding this comment.
Hi @nicolas-grekas ,
I have applied the suggested CS, looks better now.
I can't allow edits for maintainers... I think it's because I opened the PR from an organization repository and that option is not available in that case (please correct me if I'm wrong).
…fetime for private responses
|
Thank you @rodmen. |
Merged
This was referenced Dec 28, 2022
Merged
Merged
Merged
|
I'm not sure whether this is the appropriate place, but I think I found a bug regarding this change (I'll open an actual issue if I'm correct about this). In our case, we have the following situation:
At least, this is the intention (I think). What actually happens now is this:
So now we have a 302 response that has Sorry for the long description, but do you agree this is a bug? If so I'll file an issue or just a PR right away. I think the intended behaviour should be to only overwrite |
|
this indeed looks like a bug |
fabpot
added a commit
that referenced
this pull request
Feb 4, 2023
…uithof, fabpot) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Response] `getMaxAge()` returns non-negative integer | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Refs #48651 (comment) | License | MIT | Doc PR | The `max-age` directive should be a non-negative integer, see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control): > The max-age=N request directive indicates that the client allows a stored response that is generated on the origin server within N seconds — where N may be any non-negative integer (including 0). In case the value is negative, it's encouraged to be treated as 0: > In other words, for any max-age value that isn't an integer or isn't non-negative, the caching behavior that's encouraged is to treat the value as if it were 0. In my case, it lead to a response that was `private,no-cache` but with an `Expires` header set in the future. Not every browser handled this inconsistency the same, which eventually led to authentication issues (see linked comment for a more elaborate explanation). Commits ------- 2639c43 [Response] `getMaxAge()` returns non-negative integer
symfony-splitter
pushed a commit
to symfony/http-kernel
that referenced
this pull request
Feb 4, 2023
…uithof, fabpot) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Response] `getMaxAge()` returns non-negative integer | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Refs symfony/symfony#48651 (comment) | License | MIT | Doc PR | The `max-age` directive should be a non-negative integer, see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control): > The max-age=N request directive indicates that the client allows a stored response that is generated on the origin server within N seconds — where N may be any non-negative integer (including 0). In case the value is negative, it's encouraged to be treated as 0: > In other words, for any max-age value that isn't an integer or isn't non-negative, the caching behavior that's encouraged is to treat the value as if it were 0. In my case, it lead to a response that was `private,no-cache` but with an `Expires` header set in the future. Not every browser handled this inconsistency the same, which eventually led to authentication issues (see linked comment for a more elaborate explanation). Commits ------- 2639c4353a [Response] `getMaxAge()` returns non-negative integer
symfony-splitter
pushed a commit
to symfony/http-foundation
that referenced
this pull request
Feb 4, 2023
…uithof, fabpot) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Response] `getMaxAge()` returns non-negative integer | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Refs symfony/symfony#48651 (comment) | License | MIT | Doc PR | The `max-age` directive should be a non-negative integer, see [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control): > The max-age=N request directive indicates that the client allows a stored response that is generated on the origin server within N seconds — where N may be any non-negative integer (including 0). In case the value is negative, it's encouraged to be treated as 0: > In other words, for any max-age value that isn't an integer or isn't non-negative, the caching behavior that's encouraged is to treat the value as if it were 0. In my case, it lead to a response that was `private,no-cache` but with an `Expires` header set in the future. Not every browser handled this inconsistency the same, which eventually led to authentication issues (see linked comment for a more elaborate explanation). Commits ------- 2639c4353a [Response] `getMaxAge()` returns non-negative integer
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#47660 is opened as a bug
This PR fix that AbstractSessionListener override the max-age and the expires cache headers if cache control is private and these values are explicit defined