[webkit-changes] [WebKit/WebKit] a40855: Treat invalid Expires headers as already expired

Thu, 18 Jun 2026 01:02:55 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a408554a02a77dd23b5f3ca1680c7c21c9593a10
      
https://github.com/WebKit/WebKit/commit/a408554a02a77dd23b5f3ca1680c7c21c9593a10
  Author: Charlie Wolfe <[email protected]>
  Date:   2026-06-18 (Thu, 18 Jun 2026)

  Changed paths:
    M 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any-expected.txt
    M 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.serviceworker-expected.txt
    M 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.sharedworker-expected.txt
    M 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.worker-expected.txt
    M Source/WebCore/platform/network/CacheValidation.cpp

  Log Message:
  -----------
  Treat invalid Expires headers as already expired
https://bugs.webkit.org/show_bug.cgi?id=317246

Reviewed by Chris Dumez.

computeFreshnessLifetimeForHTTPFamily() only consulted Expires when it parsed 
as a valid HTTP-date;
a present-but-invalid value made ResourceResponse::expires() return nullopt, so 
the function fell
through to Last-Modified heuristic freshness and could wrongly treat the 
response as fresh. Return
a zero freshness lifetime when an Expires header is present but did not parse, 
instead of falling
through to the heuristic.

A cache recipient MUST interpret invalid date formats, especially the value 
"0", as representing a
time in the past (i.e., "already expired")
 - https://www.rfc-editor.org/info/rfc9111/#section-5.3-7

* 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any-expected.txt:
* 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.serviceworker-expected.txt:
* 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.sharedworker-expected.txt:
* 
LayoutTests/imported/w3c/web-platform-tests/fetch/http-cache/freshness.any.worker-expected.txt:
* Source/WebCore/platform/network/CacheValidation.cpp:
(WebCore::computeFreshnessLifetimeForHTTPFamily):

Canonical link: https://commits.webkit.org/315448@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to