Merge pull request #400 from FriendsOfSymfony/robust-no-cache-hash-mi…
…smatch

make sure no caching happens when hash mismatch
dbu authored Nov 9, 2017
2 parents bcdecd7 + aeaf090 commit 22853b5
Showing 2 changed files with 7 additions and 2 deletions.
7 changes: 6 additions & 1 deletion EventListener/UserContextSubscriber.php
Expand Up @@ -166,8 +166,13 @@ public function onKernelResponse(FilterResponseEvent $event)
if ($request->headers->has($this->hashHeader)) {
// hash has changed, session has most certainly changed, prevent setting incorrect cache
if (!is_null($this->hash) && $this->hash !== $request->headers->get($this->hashHeader)) {
$response->setClientTtl(0);
$response->setCache([
'max_age' => 0,
's_maxage' => 0,
'private' => true,
]);
$response->headers->addCacheControlDirective('no-cache');
$response->headers->addCacheControlDirective('no-store');

return;
}
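Review bot: The hash-mismatch branch rewrites only `Cache-Control`, so an `Expires`, `ETag` or `Last-Modified` header set earlier in the request stays on a response that was built for a different user context. Compliant caches will obey `no-store`, but removing the leftovers in the same branch, e.g. `$response->headers->remove('Expires');`, keeps the outcome from depending on how each proxy weighs them. The comment above the check could also state the intent of the directive set, for example `// response belongs to another user context: forbid storing and reuse in shared and private caches`. `onKernelResponse` begins and continues outside this hunk, so headers added before or after this branch are not visible here.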
2 changes: 1 addition & 1 deletion Tests/Unit/EventListener/UserContextSubscriberTest.php
Expand Up @@ -259,7 +259,7 @@ public function testFullRequestHashChanged()
$userContextSubscriber->onKernelResponse($event);

$this->assertFalse($event->getResponse()->headers->has('Vary'));
$this->assertEquals('max-age=0, no-cache, private', $event->getResponse()->headers->get('Cache-Control'));
$this->assertEquals('max-age=0, no-cache, no-store, private, s-maxage=0', $event->getResponse()->headers->get('Cache-Control'));
}

protected function getKernelRequestEvent(Request $request, $type = HttpKernelInterface::MASTER_REQUEST)
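Review bot: The updated assertion compares the whole `Cache-Control` string, which ties the test to the order in which the header bag serialises directives rather than to the guarantee the change is about. Asserting the directives individually reads closer to the intent, e.g. `$this->assertTrue($event->getResponse()->headers->hasCacheControlDirective('no-store'));` and `$this->assertSame('0', (string) $event->getResponse()->headers->getCacheControlDirective('s-maxage'));`. The setup of `testFullRequestHashChanged` is outside the hunk; if the response there starts without cache headers, a second case that begins from a public response with a positive shared max-age would show that the mismatch branch really overrides a cacheable response.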
