From: Willy Tarreau Date: Thu, 21 Dec 2017 10:32:55 +0000 (+0100) Subject: MINOR: http: adjust the list of supposedly cacheable methods X-Git-Tag: v1.9-dev1~557 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24ea0bcb1d56ae0c99ed09273c556b0cee28e77e;p=thirdparty%2Fhaproxy.git MINOR: http: adjust the list of supposedly cacheable methods We used to have a rule inherited from RFC2616 saying that the POST method was the only uncacheable one, but things have changed since and RFC7231+7234 made it clear that in fact only GET/HEAD/OPTIONS/TRACE are cacheable. Currently this rule is only used to detect cacheable cookies. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 87fc567292..a4b3652f52 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -5440,8 +5440,9 @@ no option checkcache - all those without "Set-Cookie" header ; - all those with a return code other than 200, 203, 206, 300, 301, 410, provided that the server has not set a "Cache-control: public" header ; - - all those that come from a POST request, provided that the server has not - set a 'Cache-Control: public' header ; + - all those that result from a request using a method other than GET, HEAD, + OPTIONS, TRACE, provided that the server has not set a 'Cache-Control: + public' header field ; - those with a 'Pragma: no-cache' header - those with a 'Cache-control: private' header - those with a 'Cache-control: no-store' header diff --git a/src/proto_http.c b/src/proto_http.c index c226d37bd9..ebc72c9e21 100644 --- a/src/proto_http.c +++ b/src/proto_http.c 
@@ -5398,12 +5398,23 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit) * by a cache (...) unless a cache-control * directive prohibits caching." * - * RFC2616 @9.5: POST method : - * "Responses to this method are not cacheable, - * unless the response includes appropriate - * Cache-Control or Expires header fields." + * RFC7234#4: + * A cache MUST write through requests with methods + * that are unsafe (Section 4.2.1 of [RFC7231]) to + * the origin server; i.e., a cache is not allowed + * to generate a reply to such a request before + * having forwarded the request and having received + * a corresponding response. + * + * RFC7231#4.2.1: + * Of the request methods defined by this + * specification, the GET, HEAD, OPTIONS, and TRACE + * methods are defined to be safe. */ - if (likely(txn->meth != HTTP_METH_POST) && + if (likely(txn->meth == HTTP_METH_GET || + txn->meth == HTTP_METH_HEAD || + txn->meth == HTTP_METH_OPTIONS || + txn->meth == HTTP_METH_TRACE) && ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC))) txn->flags |= TX_CACHEABLE | TX_CACHE_COOK; break;
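Review bot: in the doc/configuration.txt hunk, the new bullet lists "GET, HEAD, OPTIONS, TRACE" without naming what the four methods have in common, so a reader of "option checkcache" has to memorise the list rather than understand the rule. The comment added in src/proto_http.c cites RFC7231#4.2.1 (safe methods); naming that criterion here, for example "a method other than the safe ones (GET, HEAD, OPTIONS or TRACE)", would keep the documentation and the code in step. The bullet also writes 'Cache-Control: public' header field, while the bullet directly above it writes "Cache-control: public" header; one spelling and one quoting style across the list would read better.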
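Review bot: in the src/proto_http.c hunk, the condition sets TX_CACHEABLE | TX_CACHE_COOK for GET, HEAD, OPTIONS and TRACE, but the two passages quoted in the new comment are about safe methods (RFC7231#4.2.1) and about writing unsafe requests through to the origin (RFC7234#4); neither one says that a safe method is a cacheable one. The commit message states that this rule is only used to detect cacheable cookies, so treating every safe method as potentially cacheable may well be the intended conservative choice. Please say that in the comment, or quote the RFC text that defines which methods are cacheable, so that the next reader does not take "safe" and "cacheable" as synonyms when reusing TX_CACHEABLE elsewhere.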