Skip to content
Permalink
Browse files

http-cache: do not cache responses from requests with authorization

  • Loading branch information...
gterzian committed Jun 20, 2019
1 parent 049817c commit 67494d477667001910148647b03118534b7d7f82
Showing with 9 additions and 0 deletions.
  1. +9 −0 components/net/http_cache.rs
@@ -802,6 +802,15 @@ impl HttpCache {
// Only Get requests are cached.
return;
}
if request.headers.contains_key(header::AUTHORIZATION) {
// https://tools.ietf.org/html/rfc7234#section-3.1
// A shared cache MUST NOT use a cached response
// to a request with an Authorization header field
//
// TODO: unless a cache directive that allows such
// responses to be stored is present in the response.
return;
};
let entry_key = CacheKey::new(request.clone());
let metadata = match response.metadata() {
Ok(FetchMetadata::Filtered {

0 comments on commit 67494d4

Please sign in to comment.
You can’t perform that action at this time.