MINOR: http: adjust the list of supposedly cacheable methods

We used to have a rule inherited from RFC2616 saying that the POST method was the only uncacheable one, but things have changed since and RFC7231+7234 made it clear that in fact only GET/HEAD/OPTIONS/TRACE are cacheable. Currently this rule is only used to detect cacheable cookies.
2025-08-07 15:47:01 +02:00 · 2017-12-21 11:32:55 +01:00 · 2017-12-21 11:32:55 +01:00 · 24ea0bcb1d
commit 24ea0bcb1d
parent fe7456f3b7
2 changed files with 19 additions and 7 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -5440,8 +5440,9 @@ no option checkcache
    - all those without "Set-Cookie" header ;
    - all those with a return code other than 200, 203, 206, 300, 301, 410,
      provided that the server has not set a "Cache-control: public" header ;
-    - all those that come from a POST request, provided that the server has not
-      set a 'Cache-Control: public' header ;
+    - all those that result from a request using a method other than GET, HEAD,
+      OPTIONS, TRACE, provided that the server has not set a 'Cache-Control:
+      public' header field ;
    - those with a 'Pragma: no-cache' header
    - those with a 'Cache-control: private' header
    - those with a 'Cache-control: no-store' header
--- a/src/proto_http.c
+++ b/src/proto_http.c
@ -5398,12 +5398,23 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
 		 *    by a cache (...) unless a cache-control
 		 *    directive prohibits caching."
 		 *
-		 * RFC2616 @9.5: POST method :
-		 *   "Responses to this method are not cacheable,
-		 *    unless the response includes appropriate
-		 *    Cache-Control or Expires header fields."
+		 * RFC7234#4:
+		 *   A cache MUST write through requests with methods
+		 *   that are unsafe (Section 4.2.1 of [RFC7231]) to
+		 *   the origin server; i.e., a cache is not allowed
+		 *   to generate a reply to such a request before
+		 *   having forwarded the request and having received
+		 *   a corresponding response.
+		 *
+		 * RFC7231#4.2.1:
+		 *   Of the request methods defined by this
+		 *   specification, the GET, HEAD, OPTIONS, and TRACE
+		 *   methods are defined to be safe.
 		 */
-		if (likely(txn->meth != HTTP_METH_POST) &&
+		if (likely(txn->meth == HTTP_METH_GET ||
+		           txn->meth == HTTP_METH_HEAD ||
+		           txn->meth == HTTP_METH_OPTIONS ||
+		           txn->meth == HTTP_METH_TRACE) &&
 		    ((s->be->options & PR_O_CHK_CACHE) || (s->be->ck_opts & PR_CK_NOC)))
 			txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
 		break;