BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie"

If the server mentions no-cache="set-cookie" in the response headers, we must guarantee that any set-cookie field will not be stored. We cannot edit the stored response on the fly to trim the set-cookie header so we can refrain from storing a response containing such a header. In theory we could use TX_SCK_PRESENT for this but this one is only set when the cookie is being watched by the configuration. Since these responses are not very frequent and often accompanied with a set-cookie header, let's simply refrain from caching whenever such directive is present. This needs to be backported to 1.8.
2025-08-06 23:27:04 +02:00 · 2017-12-22 18:03:04 +01:00 · 2017-12-22 18:03:04 +01:00 · d4569d1937
commit d4569d1937
parent 504455c533
1 changed files with 1 additions and 1 deletions
--- a/src/cache.c
+++ b/src/cache.c
@ -433,7 +433,7 @@ enum act_return http_action_store_cache(struct act_rule *rule, struct proxy *px,

 	check_response_for_cacheability(s, &s->res);

-	if (!(txn->flags & TX_CACHEABLE))
+	if (!(txn->flags & TX_CACHEABLE) || !(txn->flags & TX_CACHE_COOK))
 		goto out;

 	if ((msg->sov + msg->body_len) > (global.tune.bufsize - global.tune.maxrewrite))