silverstripe-framework/tests/php/Control/HTTPCacheControlIntegrationTest.php

<?php

namespace SilverStripe\Control\Tests;

use SilverStripe\Control\HTTP;
use SilverStripe\Control\Middleware\HTTPCacheControlMiddleware;
use SilverStripe\Control\Tests\HTTPCacheControlIntegrationTest\RuleController;
use SilverStripe\Control\Tests\HTTPCacheControlIntegrationTest\SessionController;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\FunctionalTest;

class HTTPCacheControlIntegrationTest extends FunctionalTest
{
    protected static $extra_controllers = [
        SessionController::class,
        RuleController::class,
    ];

    protected function setUp(): void
    {
        parent::setUp();
        HTTPCacheControlMiddleware::config()
            ->set('defaultState', 'disabled')
            ->set('defaultForcingLevel', 0);
        HTTPCacheControlMiddleware::reset();
    }

    public function testFormCSRF()
    {
        // CSRF sets caching to disabled
        $response = $this->get('HTTPCacheControlIntegrationTest_SessionController/showform');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringNotContainsString('public', $header);
        $this->assertStringNotContainsString('private', $header);
        $this->assertStringContainsString('no-cache', $header);
        $this->assertStringContainsString('no-store', $header);
        $this->assertStringContainsString('must-revalidate', $header);
    }

    public function testPublicForm()
    {
        // Public forms (http get) allow public caching
        $response = $this->get('HTTPCacheControlIntegrationTest_SessionController/showpublicform');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringContainsString('public', $header);
        $this->assertStringContainsString('must-revalidate', $header);
        $this->assertStringNotContainsString('no-cache', $response->getHeader('Cache-Control'));
        $this->assertStringNotContainsString('no-store', $response->getHeader('Cache-Control'));
    }

    public function testPrivateActionsError()
    {
        // disallowed private actions don't cache
        $response = $this->get('HTTPCacheControlIntegrationTest_SessionController/privateaction');
        $header = $response->getHeader('Cache-Control');
        $this->assertTrue($response->isError());
        $this->assertStringContainsString('no-cache', $header);
        $this->assertStringContainsString('no-store', $header);
        $this->assertStringContainsString('must-revalidate', $header);
    }

    public function testPrivateActionsAuthenticated()
    {
        $this->logInWithPermission('ADMIN');
        // Authenticated actions are private cache
        $response = $this->get('HTTPCacheControlIntegrationTest_SessionController/privateaction');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringContainsString('private', $header);
        $this->assertStringContainsString('must-revalidate', $header);
        $this->assertStringNotContainsString('no-cache', $header);
        $this->assertStringNotContainsString('no-store', $header);
    }

    public function testPrivateCache()
    {
        $response = $this->get('HTTPCacheControlIntegrationTest_RuleController/privateaction');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringContainsString('private', $header);
        $this->assertStringContainsString('must-revalidate', $header);
        $this->assertStringNotContainsString('no-cache', $header);
        $this->assertStringNotContainsString('no-store', $header);
    }

    public function testPublicCache()
    {
        $response = $this->get('HTTPCacheControlIntegrationTest_RuleController/publicaction');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringContainsString('public', $header);
        $this->assertStringContainsString('must-revalidate', $header);
        $this->assertStringNotContainsString('no-cache', $header);
        $this->assertStringNotContainsString('no-store', $header);
        $this->assertStringContainsString('max-age=9000', $header);
    }

    public function testDisabledCache()
    {
        $response = $this->get('HTTPCacheControlIntegrationTest_RuleController/disabledaction');
        $header = $response->getHeader('Cache-Control');
        $this->assertFalse($response->isError());
        $this->assertStringNotContainsString('public', $header);
        $this->assertStringNotContainsString('private', $header);
        $this->assertStringContainsString('no-cache', $header);
        $this->assertStringContainsString('no-store', $header);
        $this->assertStringContainsString('must-revalidate', $header);
    }
}