From: Willy Tarreau Date: Fri, 22 Dec 2017 17:03:04 +0000 (+0100) Subject: BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie" X-Git-Tag: v1.9-dev1~547 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4569d1937a160c17cb80c1848dadcad2a6f7d40;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie" If the server mentions no-cache="set-cookie" in the response headers, we must guarantee that any set-cookie field will not be stored. We cannot edit the stored response on the fly to trim the set-cookie header so we can refrain from storing a response containing such a header. In theory we could use TX_SCK_PRESENT for this but this one is only set when the cookie is being watched by the configuration. Since these responses are not very frequent and often accompanied with a set-cookie header, let's simply refrain from caching whenever such directive is present. This needs to be backported to 1.8. --- diff --git a/src/cache.c b/src/cache.c index a75c1aa8b8..39d8196ac1 100644 --- a/src/cache.c +++ b/src/cache.c @@ -433,7 +433,7 @@ enum act_return http_action_store_cache(struct act_rule *rule, struct proxy *px, check_response_for_cacheability(s, &s->res); - if (!(txn->flags & TX_CACHEABLE)) + if (!(txn->flags & TX_CACHEABLE) || !(txn->flags & TX_CACHE_COOK)) goto out; if ((msg->sov + msg->body_len) > (global.tune.bufsize - global.tune.maxrewrite))