fdiary opened a new issue #7839: URL: https://github.com/apache/trafficserver/issues/7839
Hi,

A POST method request will delete the existing cache with the same URL, i.e. anyone can flush the cache of any URL by simply sending a POST method request. That is not an expected behaviour, I believe.

This is the behaviour with the configuration where `proxy.config.http.cache.post_method` is `0` (the default value).

```
$ curl -v --output /dev/null http://cacheable.example.com/ |& grep age:
age: 0 <-- initial request, thus fresh response
$ curl -v --output /dev/null http://cacheable.example.com/ |& grep age:
age: 1 <-- cached response
$ curl -X POST -v --output /dev/null http://cacheable.example.com/ |& grep age:
age: 0 <-- fresh response, because POST is not cacheable
$ curl -v --output /dev/null http://cacheable.example.com/ |& grep age:
age: 0 <-- fresh response, because the existing cache was deleted by POST request above
```

This is because `is_method_cacheable` is false for a POST method request
https://github.com/apache/trafficserver/blob/3bb1ae9fa5c71b8e65cb782f402d8780b522693d/proxy/http/HttpTransactHeaders.cc#L44

but `does_method_require_cache_copy_deletion` is true
https://github.com/apache/trafficserver/blob/3bb1ae9fa5c71b8e65cb782f402d8780b522693d/proxy/http/HttpTransact.cc#L666

which is called in `issue_revalidate`, where the existing cache will be deleted.
https://github.com/apache/trafficserver/blob/3bb1ae9fa5c71b8e65cb782f402d8780b522693d/proxy/http/HttpTransact.cc#L2419

(`does_method_require_cache_copy_deletion` is also used in `HandleCacheOpenReadMiss`, where it just does `CACHE_DO_NO_ACTION`.)
https://github.com/apache/trafficserver/blob/3bb1ae9fa5c71b8e65cb782f402d8780b522693d/proxy/http/HttpTransact.cc#L3262

For now I am not sure what is the right way to fix this issue. `does_method_require_cache_copy_deletion` should exclude cases where `is_method_cacheable` is true? Or `issue_revalidate` should delete cache only when both `is_method_cacheable` and `does_method_require_cache_copy_deletion` are true?

Thanks in advance!
Kazuhiko
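The request sequence reported above, replayed against a toy cache under two policies, as an added example that is not part of the original issue and is not Apache Traffic Server code. `ToyCache`, `Policy` and `probe` are hypothetical names, and the two predicate bodies are simplified assumptions standing in for the functions the issue links to.

```cpp
// Added illustration: a toy cache model, not Apache Traffic Server code.
#include <cstdio>
#include <map>
#include <string>
#include <vector>

enum class Policy { DeleteOnPost, KeepOnPost };

// Simplified stand-ins (assumptions) for the two predicates named in the
// issue, as they behave with proxy.config.http.cache.post_method = 0.
static bool is_method_cacheable(const std::string &m) { return m == "GET" || m == "HEAD"; }
static bool does_method_require_cache_copy_deletion(const std::string &m) {
  return m == "POST" || m == "PUT" || m == "DELETE";
}

struct ToyCache {
  Policy policy;
  std::map<std::string, long> stored_at; // URL -> time the copy was stored
  long now = 0;                          // fake clock, one tick per request

  // Returns the Age value a client would see for this request.
  long request(const std::string &method, const std::string &url) {
    long age = 0;
    auto it = stored_at.find(url);
    if (is_method_cacheable(method)) {
      if (it != stored_at.end()) age = now - it->second; // hit: serve the copy
      else stored_at[url] = now;                         // miss: fetch and store
    } else if (it != stored_at.end() && policy == Policy::DeleteOnPost &&
               does_method_require_cache_copy_deletion(method)) {
      stored_at.erase(it); // request goes to origin and the cached copy is dropped
    }
    ++now;
    return age;
  }
};

// Replays the four requests from the issue: GET, GET, POST, GET.
std::vector<long> probe(Policy p) {
  ToyCache c{p};
  const std::string url = "http://cacheable.example.com/";
  return {c.request("GET", url), c.request("GET", url), c.request("POST", url), c.request("GET", url)};
}

int main() {
  for (Policy p : {Policy::DeleteOnPost, Policy::KeepOnPost}) {
    for (long a : probe(p)) std::printf("age: %ld\n", a);
    std::printf("--\n");
  }
}
```

Under `DeleteOnPost` the final GET reports age 0, matching the curl session in the issue; under `KeepOnPost` the same GET is still served from the copy stored by the first request.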
