RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-28 00:20:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
8a16fe0d05
haproxy/doc
History
William Lallemand 8a16fe0d05 BUG/MEDIUM: cache: don't cache when an Authorization header is present 
RFC 7234 says:

A cache MUST NOT store a response to any request, unless:
[...] the Authorization header field (see Section 4.2 of [RFC7235]) does
      not appear in the request, if the cache is shared, unless the
      response explicitly allows it (see Section 3.2), [...]

In this patch we completely disable the cache upon the receipt of an
Authorization header in the request. In this case it's not possible to
either use the cache or store into the cache anymore.

Thanks to Adam Eijdenberg of Digital Transformation Agency for raising
this issue.

This patch must be backported to 1.8.
2018-05-23 10:36:44 +02:00
..
design-thoughts MAJOR: tproxy: remove support for cttproxy 2015-08-20 19:35:14 +02:00
internals DOC: add some description of the pending rework of the buffer structure 2018-05-18 16:18:17 +02:00
lua-api MINOR: lua: add get_maxconn and set_maxconn to LUA Server class. 2018-05-03 18:53:42 +02:00
51Degrees-device-detection.txt DOC: 51d: Updated git URL and instructions for getting Hash Trie data files. 2017-10-06 16:47:25 +02:00
acl.fig
architecture.txt DOC: fix "workaround" spelling 2016-01-15 10:27:09 +01:00
close-options.txt
coding-style.txt DOC: update coding-style to reference checkpatch.pl 2015-09-21 16:45:45 +02:00
configuration.txt BUG/MEDIUM: cache: don't cache when an Authorization header is present 2018-05-23 10:36:44 +02:00
cookie-options.txt
DeviceAtlas-device-detection.txt DOC: move the device detection modules documentation to their own files 2016-11-08 15:06:21 +01:00
gpl.txt
haproxy.1 MINOR: doc: document the -x flag 2017-04-13 19:15:17 +02:00
intro.txt DOC/MINOR: intro: typo, wording, formatting fixes 2017-12-20 07:01:36 +01:00
lgpl.txt
linux-syn-cookies.txt DOC: add doc/linux-syn-cookies.txt 2015-08-11 12:17:41 +02:00
lua.txt DOC: lua: update the links to the config and Lua API 2018-04-19 15:12:26 +02:00
management.txt MINOR: ssl: Add payload support to "set ssl ocsp-response" 2018-04-26 14:20:09 +02:00
netscaler-client-ip-insertion-protocol.txt MEDIUM: netscaler: add support for standard NetScaler CIP protocol 2017-12-20 07:04:07 +01:00
network-namespaces.txt MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
peers-v2.0.txt MINOR: stick-tables: Adds support for new "gpc1" and "gpc1_rate" counters. 2018-01-31 09:40:05 +01:00
peers.txt DOC: fix mangled version in peers protocol documentation 2017-11-24 18:10:24 +01:00
proxy-protocol.txt DOC: mention lighttpd 1.4.46 implements PROXY 2017-04-05 08:42:39 +02:00
queuing.fig
SPOE.txt DOC: spoe: fix a typo 2018-05-18 15:05:17 +02:00
WURFL-device-detection.txt DOC: move the device detection modules documentation to their own files 2016-11-08 15:06:21 +01:00