Incorrect max-age and s-max-age usage in HttpCache feature
Coneys opened this issue · comments
Ktor Version and Engine Used (client or server and name)
Ktor 1.3.2 JVM
Describe the bug
HttpCache feature is using s-max-age for Private and max-age for public cache, and I think it should be other way around.
Current code:
val maxAgeKey = if (isPrivate) "s-max-age" else "max-age"
val maxAge = cacheControl.firstOrNull { it.value.startsWith(maxAgeKey) }
?.value?.split("=")
?.get(1)?.toInt()
so for header : Cache-Control: max-age=3600, private
maxAge would be null
Expected behavior
maxAgeKey should be "max-age" for private and "s-max-age" for public
Well, s-max-age is usually for proxy servers so it's not clear why don't we simply ignore it in client's feature
Yes, public cache and "s-max-age" shouldn't be necessary, but I think that one may implement its own proxy with Ktor Client, and then it would be useful
Yes, but it definitely shouldn't work out of the box with default options. We need to correct it to avoid accidental caching (that in theory could even lead to vulnurabilities).