Merge pull request #48 from 2manymws/fix-external-rules

Fix Set-Cookie handling
2manymws · Jan 11, 2024 · 5d59570 · 5d59570
2 parents 8793c05 + 4b258ed
commit 5d59570
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 5 deletions.
diff --git a/rfc9111/shared.go b/rfc9111/shared.go
@@ -156,7 +156,7 @@ func (s *Shared) Storable(req *http.Request, res *http.Response, now time.Time)
 	// In RFC 9111, Servers that wish to control caching of responses with Set-Cookie headers are encouraged to emit appropriate Cache-Control response header fields (see https://httpwg.org/specs/rfc9111.html#rfc.section.7.3).
 	// But to beat on the safe side, this package does not store responses with Set-Cookie headers by default, similar to NGINX.
 	// THIS IS NOT RFC 9111.
-	if req.Header.Get("Set-Cookie") != "" && !s.storeRequestWithSetCookieHeader {
+	if res.Header.Get("Set-Cookie") != "" && !s.storeRequestWithSetCookieHeader {
 		return false, time.Time{}
 	}
 
@@ -324,7 +324,7 @@ func (s *Shared) storableWithExtendedRules(req *http.Request, res *http.Response
 		if ok {
 			// Add Expires header field
 			od := originDate(res.Header, now)
-			expires := od.Add(age)
+			expires := od.Add(age) //nostyle:varnames
 			res.Header.Set("Expires", expires.UTC().Format(http.TimeFormat))
 			return true, expires
 		}

diff --git a/rfc9111/shared_test.go b/rfc9111/shared_test.go
@@ -323,13 +323,11 @@ func TestShared_Storable(t *testing.T) {
 			&http.Request{
 				Host:   "example.com",
 				Method: http.MethodGet,
-				Header: http.Header{
-					"Set-Cookie": []string{"k=v"},
-				},
 			},
 			&http.Response{
 				StatusCode: http.StatusOK,
 				Header: http.Header{
+					"Set-Cookie":    []string{"k=v"},
 					"Cache-Control": []string{"max-age=15"},
 				},
 			},
@@ -359,6 +357,54 @@ func TestShared_Storable(t *testing.T) {
 			true,
 			time.Date(2024, 12, 13, 14, 15, 25, 00, time.UTC),
 		},
+		{
+			"ExtendedRule(+15s) GET 200 Authorization: XXX -> No Store",
+			&http.Request{
+				Host:   "example.com",
+				Method: http.MethodGet,
+				Header: http.Header{
+					"Authorization": []string{"XXX"},
+				},
+			},
+			&http.Response{
+				StatusCode: http.StatusOK,
+				Header: http.Header{
+					"Date": []string{"Mon, 13 Dec 2024 14:15:10 GMT"},
+				},
+			},
+			[]ExtendedRule{
+				&testRule{
+					cacheableMethods: []string{http.MethodGet},
+					cacheableStatus:  []int{http.StatusOK},
+					age:              15 * time.Second,
+				},
+			},
+			false,
+			time.Time{},
+		},
+		{
+			"ExtendedRule(+15s) GET 200 Set-Cookie: XXX -> No Store",
+			&http.Request{
+				Host:   "example.com",
+				Method: http.MethodGet,
+			},
+			&http.Response{
+				StatusCode: http.StatusOK,
+				Header: http.Header{
+					"Set-Cookie": []string{"XXX"},
+					"Date":       []string{"Mon, 13 Dec 2024 14:15:10 GMT"},
+				},
+			},
+			[]ExtendedRule{
+				&testRule{
+					cacheableMethods: []string{http.MethodGet},
+					cacheableStatus:  []int{http.StatusOK},
+					age:              15 * time.Second,
+				},
+			},
+			false,
+			time.Time{},
+		},
 		{
 			"ExtendedRule(+15s) POST 201 -> +15s",
 			&http.Request{