Page headers not suitable for HTTP caching
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Francis J. Lacoste |
Bug Description
HTTP includes headers for allowing a cache to infer when a page that is
shared between clients can be shared - in particular the Vary header is
used to inform caches which headers in a request are used to determine
the content of responses.
Apparently the webapp doesn't issue such headers today, and this lead to
incorrect content being handed to users.
At a minimum we probably need
Vary: Cookie, WWW-Authenticate
(as although www-authenticated pages are not cachable, we don't want
them to push cookie authed pages out of cache).
There are various extensions we can do to get more capability out of
caches; but this a minimum for correctness - and as we want to serve
parts of LP over HTTP it is needed or intercepting caches in ISP's and
organisations will show up the current lack of information in the
headers.
affects launchpad
--
GPG key available at: <http://
Changed in launchpad: | |
importance: | Undecided → High |
milestone: | none → 2.2.2 |
status: | New → Triaged |
Changed in launchpad: | |
assignee: | nobody → flacoste |
status: | Triaged → In Progress |
Changed in launchpad: | |
milestone: | 2.2.2 → none |
Changed in launchpad-foundations: | |
milestone: | none → 2.2.2 |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
Fixed in RF 7715 and 7719.