mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
Clarify use of HTTP Pragma response header
The HTTP Pragma header is obsolete for HTTP 1.1, and technically only defined for an HTTP request (not response). Refer to https://www.mnot.net/cache_docs/#PRAGMA, http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.

It is superseded by the "Cache-Control" directive. See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4: 'Because the meaning of "Pragma: no-cache" in responses is not specified, it does not provide a reliable replacement for "Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent backwards compatibility measure for HTTP 1.0 clients. The intended behaviour is for the majority of clients as well as any intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack for preventing PHP from adding "Pragma: nocache" to responses with started sessions (see http://php.net/session_cache_limiter), since PHP does not allow unsetting existing header() calls.
parent 0c97192558
commit dc650e3cf1
@ -307,6 +307,9 @@ class HTTP {
/**
* Add the appropriate caching headers to the response, including If-Modified-Since / 304 handling.
* Note that setting HTTP::$cache_age will overrule any cache headers set by PHP's
* session_cache_limiter functionality. It is your responsibility to ensure only cacheable data
* is in fact cached, and HTTP::$cache_age isn't set when the HTTP body contains session-specific content.
*
* @param SS_HTTPResponse The SS_HTTPResponse object to augment. Omitted the argument or passing a string is
* deprecated; in these cases, the headers are output directly.
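Review bot: The new docblock note warns against setting HTTP::$cache_age for session-specific content but does not say what goes wrong if you do. The Cache-Control value built further down is "max-age={$cacheAge}, must-revalidate, no-transform", with no "private" directive, so a shared proxy may store the response and serve it to other users. Suggest stating that consequence in the note, and changing "Omitted the argument" to "Omitting the argument" in the @param line while this block is being touched.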
@ -345,6 +348,11 @@ class HTTP {
if($cacheAge > 0) {
$responseHeaders["Cache-Control"] = "max-age={$cacheAge}, must-revalidate, no-transform";
// Set empty pragma to avoid PHP's session_cache_limiter adding conflicting caching information,
// defaulting to "nocache" on most PHP configurations (see http://php.net/session_cache_limiter).
// Since it's a deprecated HTTP 1.0 option, all modern HTTP clients and proxies should
// prefer the caching information indicated through the "Cache-Control" header.
$responseHeaders["Pragma"] = "";
// To do: User-Agent should only be added in situations where you *are* actually
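Review bot: In the $cacheAge > 0 branch, $responseHeaders["Pragma"] = "" is set unconditionally, so the "nocache" default that PHP applies to responses with a started session is dropped without any check that no session is active. The docblock leaves that to the caller; consider checking for an active session here and either skipping the override or logging it, so a cache_age set on a session page does not go unnoticed. The comment's "all modern HTTP clients and proxies should prefer" would also be more accurate as a statement about HTTP 1.1 clients, since the commit message itself says HTTP 1.0 clients still act on Pragma.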
@ -369,6 +377,11 @@ class HTTP {
// (http://support.microsoft.com/kb/323308)
// Note: this is also fixable by ticking "Do not save encrypted pages to disk" in advanced options.
$responseHeaders["Cache-Control"] = "max-age=3, must-revalidate, no-transform";
// Set empty pragma to avoid PHP's session_cache_limiter adding conflicting caching information,
// defaulting to "nocache" on most PHP configurations (see http://php.net/session_cache_limiter).
// Since it's a deprecated HTTP 1.0 option, all modern HTTP clients and proxies should
// prefer the caching information indicated through the "Cache-Control" header.
$responseHeaders["Pragma"] = "";
} else {
$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
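Review bot: The else branch sets Cache-Control to "no-cache, max-age=0, must-revalidate, no-transform" but, in the lines visible here, sets no Pragma, so the HTTP 1.0 fallback the commit message calls prudent only goes out when PHP's session_cache_limiter happens to add it. Setting $responseHeaders["Pragma"] = "no-cache" explicitly in that branch would make the behaviour independent of session state. Separately, the four-line comment above $responseHeaders["Pragma"] = "" is a verbatim copy of the one in the previous hunk; a single explanation referenced from both places would be easier to keep accurate.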