HTTP Compliance: do not cache replies to requests with CC/no-store. Per RFC 2616, do not store any part of response to requests with no-store Cache-Control directive. We may still serve no-store requests from the cache because RFC 2616 does not seem to prohibit that. This may change if HTTPbis or developers decide to prohibit no-store hits. Co-Advisor test case: test_case/rfc2616/ccReqDirMsg-no-store-basic === modified file 'src/http.cc' --- src/http.cc 2010-09-14 07:37:38 +0000 +++ src/http.cc 2010-09-22 15:56:41 +0000 @@ -354,40 +354,46 @@ HttpStateData::cacheableReply() const char *v; #if USE_HTTP_VIOLATIONS const refresh_t *R = NULL; /* This strange looking define first looks up the refresh pattern * and then checks if the specified flag is set. The main purpose * of this is to simplify the refresh pattern lookup and USE_HTTP_VIOLATIONS * condition */ #define REFRESH_OVERRIDE(flag) \ ((R = (R ? R : refreshLimits(entry->mem_obj->url))) , \ (R && R->flags.flag)) #else #define REFRESH_OVERRIDE(flag) 0 #endif if (surrogateNoStore) return 0; + // RFC 2616: do not cache replies to responses with no-store CC directive + if (request && request->cache_control && + EBIT_TEST(request->cache_control->mask, CC_NO_STORE) && + !REFRESH_OVERRIDE(ignore_no_store)) + return 0; + if (!ignoreCacheControl) { if (EBIT_TEST(cc_mask, CC_PRIVATE)) { if (!REFRESH_OVERRIDE(ignore_private)) return 0; } if (EBIT_TEST(cc_mask, CC_NO_CACHE)) { if (!REFRESH_OVERRIDE(ignore_no_cache)) return 0; } if (EBIT_TEST(cc_mask, CC_NO_STORE)) { if (!REFRESH_OVERRIDE(ignore_no_store)) return 0; } } if (request->flags.auth || request->flags.auth_sent) { /* * Responses to requests with authorization may be cached