
NEW: Improve HTTP caching logic to automatically disable caching for …

…requests that use the session.

This improvement makes it easier to set a site-wide default cache time without needing to worry about CSRF-protected forms, etc.
1 parent b114aa2 commit 2916f2043cc31317c0ec1ea54449e18c93b5e1cb Hamish Friedlander committed with sminnee Sep 29, 2011
Showing with 15 additions and 4 deletions.
  1. +3 −0 control/Controller.php
  2. +2 −2 control/HTTP.php
  3. +10 −2 forms/Form.php
@@ -477,6 +477,9 @@ public function redirect($url, $code=302) {
* @uses redirect()
*/
public function redirectBack() {
+ // Don't cache the redirect back ever
+ HTTP::set_cache_age(0);
+
$url = null;
// In edge-cases, this will be called outside of a handleRequest() context; in that case,
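Review bot: The added comment in `redirectBack()` says the redirect must never be cached but not why, and the reason is what a later maintainer needs before touching this call. The context lines suggest the target is worked out per request, so a stored copy could send another visitor to the first requester's previous page; I would write `// Never cache: the target is derived from this request, so a stored redirect would be wrong for anyone else`. The HTTP.php hunk shows the cache age is static state, so it is worth confirming that no later `HTTP::set_cache_age()` call with a positive value in the same request can undo this. The body of `redirectBack()` continues past the hunk.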
@@ -285,14 +285,14 @@ public static function add_cache_headers($body = null) {
}
if(self::$cache_age > 0) {
- $responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate";
+ $responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate, no-transform";
$responseHeaders["Pragma"] = "";
// To do: User-Agent should only be added in situations where you *are* actually varying according to user-agent.
$responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent';
} else {
- $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate";
+ $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
}
if(self::$modification_date && self::$cache_age > 0) {
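Review bot: The `else` branch is the header that token-bearing and redirect-back responses now receive, and `no-cache` on its own still lets a browser or shared cache store the body and reuse it after revalidation. Since this commit relies on that branch to protect CSRF-protected forms, consider `$responseHeaders["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate, no-transform";` so markup carrying a security token is not written to any cache. `add_cache_headers()` starts and ends outside the hunk, so validators set elsewhere in it (an ETag, for instance) are not visible here and would decide how much this matters in practice.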
@@ -707,8 +707,16 @@ public function getAttributesHTML($attrs = null) {
if(!$attrs || is_string($attrs)) $attrs = $this->getAttributes();
- // Forms shouldn't be cached, cos their error messages won't be shown
- HTTP::set_cache_age(0);
+ // Figure out if we can cache this form
+ // - forms with validation shouldn't be cached, cos their error messages won't be shown
+ // - forms with security tokens shouldn't be cached because security tokens expire
+ $needsCacheDisabled = false;
+ if ($this->getSecurityToken()->isEnabled()) $needsCacheDisabled = true;
+ if ($this->FormMethod() != 'get') $needsCacheDisabled = true;
+ if (!($this->validator instanceof RequiredFields) || count($this->validator->getRequired())) $needsCacheDisabled = true;
+
+ // If we need to disable cache, do it
+ if ($needsCacheDisabled) HTTP::set_cache_age(0);
$attrs = $this->getAttributes();
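Review bot: The cacheability decision in `getAttributesHTML()` is a deny-list evaluated as a side effect of rendering the form tag, so a form stays cacheable unless one of three conditions matches, and the check runs only if this method is called. A template that prints the fields without calling `getAttributesHTML()`, or a token-less GET form whose output still depends on the visitor (session-held messages or prefilled values, if the class supports them), would keep the site-wide cache age; neither case is visible in this hunk, so both need verifying. The third condition also disables caching when there is no validator at all, which is the safe direction but is not what the comment says. I would document the rule as `// Only a GET form with no security token and a RequiredFields validator with nothing required is left cacheable`. The method continues outside the hunk.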
