[web] stop adding an Expires header with all responses
As per RFC 1945 (HTTP 1.0):
If the date given is equal to or earlier than the value of the Date
header, the recipient must not cache the enclosed entity.
As per RFC 7234 (HTTP 1.1 Caching):
If a response includes a Cache-Control field with the max-age
directive (Section 5.2.2.8), a recipient MUST ignore the Expires
field.
Bottom line, the Expires header is now handled wherever the
Cache-Control is handled: inside cache managers.
--- a/web/httpcache.py Fri Nov 20 17:13:03 2015 +0100
+++ b/web/httpcache.py Thu Nov 19 18:55:10 2015 +0100
@@ -31,6 +31,7 @@
def set_headers(self):
self.req.set_header('Cache-control', 'no-cache')
+ self.req.set_header('Expires', 'Sat, 01 Jan 2000 00:00:00 GMT')
class MaxAgeHTTPCacheManager(NoHTTPCacheManager):
@@ -68,7 +69,7 @@
try:
req.set_header('Etag', '"%s"' % self.etag())
except NoEtag:
- self.req.set_header('Cache-control', 'no-cache')
+ super(EtagHTTPCacheManager, self).set_headers()
return
req.set_header('Cache-control',
'must-revalidate,max-age=%s' % self.max_age())
--- a/web/request.py Fri Nov 20 17:13:03 2015 +0100
+++ b/web/request.py Thu Nov 19 18:55:10 2015 +0100
@@ -730,12 +730,7 @@
if validators: # if we have no
modified = any(func(val, self.headers_out) for func, val in validators)
# Forge expected response
- if modified:
- if 'Expires' not in self.headers_out:
- # Expires header seems to be required by IE7 -- Are you sure ?
- self.add_header('Expires', 'Sat, 01 Jan 2000 00:00:00 GMT')
- # /!\ no raise, the function returns and we keep processing the request
- else:
+ if not modified:
# overwrite headers_out to forge a brand new not-modified response
self.headers_out = self._forge_cached_headers()
if self.http_method() in ('HEAD', 'GET'):
--- a/web/test/unittest_http.py Fri Nov 20 17:13:03 2015 +0100
+++ b/web/test/unittest_http.py Thu Nov 19 18:55:10 2015 +0100
@@ -253,46 +253,6 @@
req = _test_cache(hin, hout, method='POST')
self.assertCache(412, req.status_out, 'not modifier HEAD verb')
- @tag('expires')
- def test_expires_added(self):
- #: Check that Expires header is added:
- #: - when the page is modified
- #: - when none was already present
- hin = [('if-none-match', 'babar'),
- ]
- hout = [('etag', 'rhino/really-not-babar'),
- ]
- req = _test_cache(hin, hout)
- self.assertCache(None, req.status_out, 'modifier HEAD verb')
- value = req.headers_out.getHeader('expires')
- self.assertIsNotNone(value)
-
- @tag('expires')
- def test_expires_not_added(self):
- #: Check that Expires header is not added if NOT-MODIFIED
- hin = [('if-none-match', 'babar'),
- ]
- hout = [('etag', 'babar'),
- ]
- req = _test_cache(hin, hout)
- self.assertCache(304, req.status_out, 'not modifier HEAD verb')
- value = req.headers_out.getHeader('expires')
- self.assertIsNone(value)
-
- @tag('expires')
- def test_expires_no_overwrite(self):
- #: Check that cache does not overwrite existing Expires header
- hin = [('if-none-match', 'babar'),
- ]
- DATE = 'Sat, 13 Apr 2012 14:39:32 GM'
- hout = [('etag', 'rhino/really-not-babar'),
- ('expires', DATE),
- ]
- req = _test_cache(hin, hout)
- self.assertCache(None, req.status_out, 'not modifier HEAD verb')
- value = req.headers_out.getRawHeaders('expires')
- self.assertEqual(value, [DATE])
-
alloworig = 'access-control-allow-origin'
allowmethods = 'access-control-allow-methods'