allow for only no-store in cache-control header

2020-05-28 13:37:43 +08:00 · 2020-05-28 13:37:43 +08:00 · e06f7b3ef7
commit e06f7b3ef7
parent ee247c850e
4 changed files with 28 additions and 2 deletions
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@ -1,3 +1,9 @@
+*   Added support for exclusive no-store Cache-Control header.
+
+    If `no-store` is set on Cache-Control header it is exclusive (all other cache directives are dropped).
+
+    *Chris Kruger*
+
 *   Catch invalid UTF-8 parameters for POST requests and respond with BadRequest.

    Additionally, perform `#set_binary_encoding` in `ActionDispatch::Http::Request#GET` and
--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@ -125,7 +125,7 @@ def strong_etag?
      private
        DATE          = "Date"
        LAST_MODIFIED = "Last-Modified"
-        SPECIAL_KEYS  = Set.new(%w[extras no-cache max-age public private must-revalidate])
+        SPECIAL_KEYS  = Set.new(%w[extras no-store no-cache max-age public private must-revalidate])

        def generate_weak_etag(validators)
          "W/#{generate_strong_etag(validators)}"
@ -166,6 +166,7 @@ def prepare_cache_control!
        end

        DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
+        NO_STORE              = "no-store"
        NO_CACHE              = "no-cache"
        PUBLIC                = "public"
        PRIVATE               = "private"
@ -194,7 +195,9 @@ def merge_and_normalize_cache_control!(cache_control)

          control.merge! cache_control

-          if control[:no_cache]
+          if control[:no_store]
+            self._cache_control = NO_STORE
+          elsif control[:no_cache]
            options = []
            options << PUBLIC if control[:public]
            options << NO_CACHE
--- a/actionpack/test/dispatch/live_response_test.rb
+++ b/actionpack/test/dispatch/live_response_test.rb
@ -62,6 +62,12 @@ def test_cache_control_is_set_manually
        assert_equal "public", @response.headers["Cache-Control"]
      end

+      def test_cache_control_no_store_is_respected
+        @response.set_header("Cache-Control", "private, no-store")
+        @response.stream.write "omg"
+        assert_equal "no-store", @response.headers["Cache-Control"]
+      end
+
      def test_content_length_is_removed
        @response.headers["Content-Length"] = "1234"
        @response.stream.write "omg"
--- a/actionpack/test/dispatch/response_test.rb
+++ b/actionpack/test/dispatch/response_test.rb
@ -295,6 +295,17 @@ def test_only_set_charset_still_defaults_to_text_html
    assert_equal("application/xml; charset=utf-16", resp.headers["Content-Type"])
  end

+  test "respect no-store cache-control" do
+    resp = ActionDispatch::Response.new.tap { |response|
+      response.cache_control[:public] = true
+      response.cache_control[:no_store] = true
+      response.body = "Hello"
+    }
+    resp.to_a
+
+    assert_equal("no-store", resp.headers["Cache-Control"])
+  end
+
  test "read content type with default charset utf-8" do
    resp = ActionDispatch::Response.new(200, "Content-Type" => "text/xml")
    assert_equal("utf-8", resp.charset)