[jira] [Updated] (HTTPCLIENT-2354) ResponseCachingPolicy::isExplicitlyCacheable does not account for "must-revalidate"

Mon, 06 Jan 2025 08:58:05 -0800 


     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Skylar Sutton updated HTTPCLIENT-2354:
--------------------------------------
    Description: 
Using httpclient5-cache:5.4.1, backed by an EH Cache with the following config:
 * maxCacheEntries: Integer.MAX
 * maxObjectSize: Integer.MAX
 * sharedCache: false
 * setNeverCacheHTTP10ResponsesWithQueryString: false
 * setNeverCacheHTTP11ResponsesWithQueryString: false

Execute a call against a resource with a query string (ex: "/foo?q=bar") which 
returns the following CacheControl:
{code:java}
Cache-Control: "must-revalidate, max-age=0" {code}
The Apache Client will fail to cache the resource, specifically because of this 
check in {_}ResponseCachingPolicy::isResponseCachable{_}:
{code:java}
if (!this.neverCache1_1ResponsesWithQueryString && 
!this.isExplicitlyCacheable(cacheControl, response)) {
    LOG.debug("Response is not cacheable as it is missing explicit caching 
headers");
    return false;
} {code}
More specifically, _ResponseCachingPolicy::isExplicitlyCachable_ does not 
contain any logic to handle the "must-revalidate" directive. 

Per this documentation, "public" is not required if "must-revalidate" is 
provided: 
[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control]

*??"... If a request doesn't have an {{Authorization}} header, or you are 
already using {{s-maxage}} or {{must-revalidate}} in the response, then you 
don't need to use {{{}public ...{}}}"??*

 
 

  was:
Using httpclient5-cache:5.4.1, backed by an EH Cache with the following config:
 * maxCacheEntries: Integer.MAX
 * maxObjectSize: Integer.MAX
 * sharedCache: false
 * setNeverCacheHTTP10ResponsesWithQueryString: false
 * setNeverCacheHTTP11ResponsesWithQueryString: false

Execute a call against a resource with a query string (ex: "/foo?q=bar") which 
returns the following CacheControl:
{code:java}
Cache-Control: "must-revalidate, max-age=0" {code}
The Apache Client will fail to cache the resource, specifically because of this 
check in ResponseCachingPolicy::isResponseCachable:
{code:java}
if (!this.neverCache1_1ResponsesWithQueryString && 
!this.isExplicitlyCacheable(cacheControl, response)) {
    LOG.debug("Response is not cacheable as it is missing explicit caching 
headers");
    return false;
} {code}
More specifically, ResponseCachingPolicy::isExplicitlyCachable does not contain 
any logic to handle the +*"must-revalidate"*+ directive. 

Per this documentation, "public" is not required if "must-revalidate" is 
provided: 
[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control]

??"If a request doesn't have an {{Authorization}} header, or you are already 
using {{s-maxage}} {*}or {{must-revalidate}} in the response, then you don't 
need to use {{public}}{*}."??

 
 


> ResponseCachingPolicy::isExplicitlyCacheable does not account for 
> "must-revalidate"
> -----------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2354
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2354
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 5.4.1
>            Reporter: Skylar Sutton
>            Priority: Major
>
> Using httpclient5-cache:5.4.1, backed by an EH Cache with the following 
> config:
>  * maxCacheEntries: Integer.MAX
>  * maxObjectSize: Integer.MAX
>  * sharedCache: false
>  * setNeverCacheHTTP10ResponsesWithQueryString: false
>  * setNeverCacheHTTP11ResponsesWithQueryString: false
> Execute a call against a resource with a query string (ex: "/foo?q=bar") 
> which returns the following CacheControl:
> {code:java}
> Cache-Control: "must-revalidate, max-age=0" {code}
> The Apache Client will fail to cache the resource, specifically because of 
> this check in {_}ResponseCachingPolicy::isResponseCachable{_}:
> {code:java}
> if (!this.neverCache1_1ResponsesWithQueryString && 
> !this.isExplicitlyCacheable(cacheControl, response)) {
>     LOG.debug("Response is not cacheable as it is missing explicit caching 
> headers");
>     return false;
> } {code}
> More specifically, _ResponseCachingPolicy::isExplicitlyCachable_ does not 
> contain any logic to handle the "must-revalidate" directive. 
> Per this documentation, "public" is not required if "must-revalidate" is 
> provided: 
> [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control]
> *??"... If a request doesn't have an {{Authorization}} header, or you are 
> already using {{s-maxage}} or {{must-revalidate}} in the response, then you 
> don't need to use {{{}public ...{}}}"??*
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to