Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-09-27 23:30:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

http-cache: do not cache responses from requests with authorization

Browse source
This commit is contained in:
Gregory Terzian 2019-06-20 06:18:25 -07:00
parent 049817c5a7
commit 67494d4776
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
components/net/http_cache.rs
View file

@ -802,6 +802,15 @@ impl HttpCache {
// Only Get requests are cached. // Only Get requests are cached.
return; return;
} }
if request.headers.contains_key(header::AUTHORIZATION) {
// https://tools.ietf.org/html/rfc7234#section-3.1
// A shared cache MUST NOT use a cached response
// to a request with an Authorization header field
//
// TODO: unless a cache directive that allows such
// responses to be stored is present in the response.
return;
};
let entry_key = CacheKey::new(request.clone()); let entry_key = CacheKey::new(request.clone());
let metadata = match response.metadata() { let metadata = match response.metadata() {
Ok(FetchMetadata::Filtered { Ok(FetchMetadata::Filtered {