From aeaf0904cc4cdb14091744418c2be46eadb79dc8 Mon Sep 17 00:00:00 2001
From: David Buchmann
Date: Thu, 9 Nov 2017 15:48:41 +0100
Subject: [PATCH] make sure no caching happens when hash mismatch
---
 EventListener/UserContextSubscriber.php | 7 ++++++-
 Tests/Unit/EventListener/UserContextSubscriberTest.php | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/EventListener/UserContextSubscriber.php b/EventListener/UserContextSubscriber.php
index 8a1fc3a9..2146a711 100644
--- a/EventListener/UserContextSubscriber.php
+++ b/EventListener/UserContextSubscriber.php
@@ -166,8 +166,13 @@ public function onKernelResponse(FilterResponseEvent $event)
 if ($request->headers->has($this->hashHeader)) {
 // hash has changed, session has most certainly changed, prevent setting incorrect cache
 if (!is_null($this->hash) && $this->hash !== $request->headers->get($this->hashHeader)) {
- $response->setClientTtl(0);
+ $response->setCache([
+ 'max_age' => 0,
+ 's_maxage' => 0,
+ 'private' => true,
+ ]);
 $response->headers->addCacheControlDirective('no-cache');
+ $response->headers->addCacheControlDirective('no-store');
 return;
 }
diff --git a/Tests/Unit/EventListener/UserContextSubscriberTest.php b/Tests/Unit/EventListener/UserContextSubscriberTest.php
index 2627b208..8777dbf2 100644
--- a/Tests/Unit/EventListener/UserContextSubscriberTest.php
+++ b/Tests/Unit/EventListener/UserContextSubscriberTest.php
@@ -259,7 +259,7 @@ public function testFullRequestHashChanged()
 $userContextSubscriber->onKernelResponse($event);
 $this->assertFalse($event->getResponse()->headers->has('Vary'));
- $this->assertEquals('max-age=0, no-cache, private', $event->getResponse()->headers->get('Cache-Control'));
+ $this->assertEquals('max-age=0, no-cache, no-store, private, s-maxage=0', $event->getResponse()->headers->get('Cache-Control'));
 }
 protected function getKernelRequestEvent(Request $request, $type = HttpKernelInterface::MASTER_REQUEST)
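Review bot: The mismatch branch in onKernelResponse now forbids storage through Cache-Control only; `Expires`, validators and any proxy-specific TTL header already on the response stay as the controller set them before the early `return`. Compliant caches honour `no-store`, but a proxy configured to take its TTL from another header would presumably still store a response rendered for the wrong user context, so this should be checked against the shipped proxy configuration and, if needed, followed by `$response->headers->remove('Expires');` and removal of that TTL header. The comment above the branch could also state the invariant, e.g. `// response was rendered for a different user context than the hash the proxy keys on: no cache, shared or private, may store it`. The function body starts and ends outside the hunk, so ordering relative to other kernel.response listeners that may rewrite Cache-Control could not be verified.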
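Review bot: testFullRequestHashChanged pins only the serialized header for what looks like a response with no prior cache settings (the setup is outside the hunk), so it would not catch a regression where a controller-supplied `public, s-maxage=…` survives the mismatch branch. A second case that calls `$response->setPublic()` and `$response->setSharedMaxAge(3600)` before `onKernelResponse($event)` would cover the path that matters for cross-user leakage. Asserting the directives individually with `hasCacheControlDirective('no-store')` and `getCacheControlDirective('s-maxage')` would also be less brittle than comparing the whole Cache-Control string.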