Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-32183

HTTP Cache is not working

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 3.2.2
    • Platform > HTTPCache
    • None

    • all

    Description

      It is always hard to debug/be sure when it comes to HTTP cache.

       

      I think I have detected no less than 3 issues:

       

      1/ security.yaml

      ezpublish_front:
    pattern: ^/
    user_checker: eZ\Publish\Core\MVC\Symfony\Security\UserChecker
    anonymous: true
    ezpublish_rest_session: ~
    guard:
        authenticator: 'EzSystems\EzPlatformPageBuilder\Security\EditorialMode\TokenAuthenticator'
    form_login:
        require_previous_session: false
        csrf_token_generator: security.csrf.token_manager
    logout: ~

      `lazy: true` is missing, according to symfony doc that is the default.

       

      Why? because of

      2/ Session is considered like OPEN

      I don't exactly know why but we enter into the Symfony Code that adds the `private` `must-revalidate`

      ezplatform/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php line 122

      Session is not opened but the `getUsageIndex' is > 0

       

      EDIT: eZ/Publish/Core/MVC/Symfony/Security/EventListener/SecurityListener.php is checking the SiteAccess login permissions with a isGranted which does the getUser and increment the  getUsageIndex

       

      Because of that Varnish or Fastly considers it and that's a MISS.

       

      3/ max-age is forced anyway to 600

      Let's consider 1/ and 2/ does not exist.

      if (req.restarts == 0 && resp.http.content-type ~ "application/vnd.fos.user-context-hash") {
    set req.http.x-user-context-hash = resp.http.x-user-context-hash;

    return (restart);
}

if (resp.http.Vary ~ "X-User-Context-Hash") {
    set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *X-User-Context-Hash *", "");
    set resp.http.Vary = regsub(resp.http.Vary, "^, *", "");
    if (resp.http.Vary == "") {
        unset resp.http.Vary;
    }

    if (req.http.cookie) {
        set resp.http.cache-control = "private, no-cache, no-store, must-revalidate";
    } else if (resp.http.cache-control ~ "public") {
        set resp.http.cache-control = "public, s-maxage=600, stale-while-revalidate=300, stale-if-error=300";
    }
}

      So:

      If no `x-user-context-hash` in the Request, it is added, then in the code, there is an If in the view controller.

      if `x-user-context-hash` exists then we vary on `x-user-context-hash` .... so at the end the vary is always there.

      Which ultimately enters into the else that sets s-maxage 600.

       

      #REPRODUCER

       

      • Install Ibexa
      • load the page
      • look at the header
      • and see `max-age=0, must-revalidate, private, s-maxage=86400` (see attached)

       

      Regarding the lazy: that's here: https://symfony.com/doc/current/security.html#a-authentication-firewalls

       

      Regarding the Vary, the code is self-explanatory

       

       

       

       

      Attachments

        1. Screen Shot 2020-11-26 at 12.30.08 AM.png
          Screen Shot 2020-11-26 at 12.30.08 AM.png
          1.82 MB

        Activity

          People

            Unassigned Unassigned
            2bfcc1b1-0b8e-4fb5-9c24-c434957abb69@accounts.ibexa.co Sébastien Morel
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: