Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Removed all ignore_headers before writing to the cache

By default, this will strip the Set-Cookie response header before storing a
cacheable response.
  • Loading branch information...
commit d668c883e93c556a1ef02f019ebfcb78df3fe75e 1 parent 566f5d5
@rmm5t rmm5t authored
Showing with 28 additions and 0 deletions.
  1. +8 −0 lib/rack/cache/context.rb
  2. +20 −0 test/context_test.rb
View
8 lib/rack/cache/context.rb
@@ -260,6 +260,7 @@ def fetch
# Write the response to the cache.
def store(response)
+ strip_ignore_headers(response)
metastore.store(@request, response, entitystore)
response.headers['Age'] = response.age.to_s
rescue Exception => e
@@ -269,6 +270,13 @@ def store(response)
record :store
end
+ # Remove all ignored response headers before writing to the cache.
+ def strip_ignore_headers(response)
+ ignore_headers.each do |name|
+ response.headers.delete(name)
+ end
+ end
+
def log_error(exception)
@env['rack.errors'].write("cache error: #{exception.message}\n#{exception.backtrace.join("\n")}\n")
end
View
20 test/context_test.rb
@@ -85,6 +85,26 @@
response.headers['Cache-Control'].should.equal 'private'
end
+ it 'does remove Set-Cookie response header from a cacheable response' do
+ respond_with 200, 'Cache-Control' => 'public', 'ETag' => '"FOO"', 'Set-Cookie' => 'TestCookie=OK'
+ get '/'
+
+ app.should.be.called
+ response.should.be.ok
+ cache.trace.should.include :store
+ response.headers['Set-Cookie'].should.be.nil
+ end
+
+ it 'does not remove Set-Cookie response header from a private response' do
+ respond_with 200, 'Cache-Control' => 'private', 'Set-Cookie' => 'TestCookie=OK'
+ get '/'
+
+ app.should.be.called
+ response.should.be.ok
+ cache.trace.should.not.include :store
+ response.headers['Set-Cookie'].should.equal 'TestCookie=OK'
+ end
+
it 'responds with 304 when If-Modified-Since matches Last-Modified' do
timestamp = Time.now.httpdate
respond_with do |req,res|
Please sign in to comment.
Something went wrong with that request. Please try again.