ktorio / ktor

Framework for quickly creating connected applications in Kotlin with minimal effort

Home Page: https://ktor.io


Incorrect max-age and s-max-age usage in HttpCache feature

Coneys opened this issue

Ktor Version and Engine Used (client or server and name)
Ktor 1.3.2 JVM

Describe the bug
The HttpCache feature is using s-max-age for private and max-age for public cache, and I think it should be the other way around.

Current code:

    val maxAgeKey = if (isPrivate) "s-max-age" else "max-age"

    val maxAge = cacheControl.firstOrNull { it.value.startsWith(maxAgeKey) }
        ?.value?.split("=")
        ?.get(1)?.toInt()

So for the header: Cache-Control: max-age=3600, private
maxAge would be null.

Expected behavior
maxAgeKey should be "max-age" for private and "s-max-age" for public.

Well, s-max-age is usually for proxy servers, so it's not clear why we don't simply ignore it in the client's feature.

Yes, public cache and "s-max-age" shouldn't be necessary, but I think that one may implement their own proxy with Ktor Client, and then it would be useful.

Yes, but it definitely shouldn't work out of the box with default options. We need to correct it to avoid accidental caching (that in theory could even lead to vulnerabilities).
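
The directive selection discussed in this thread, as an added example that is not Ktor's code and not written by any participant: it puts the key choice quoted in the issue beside a selection that follows RFC 7234, where the shared-cache directive is spelled `s-maxage`, a private cache ignores it, and a shared cache refuses `private` responses. All function names and the sample headers are hypothetical and constructed for illustration.

```kotlin
// Added example; function names and sample headers are constructed, not Ktor APIs.

/** Parses "max-age=3600, private" into lower-cased directive name -> value (null when valueless). */
fun parseCacheControl(header: String): Map<String, String?> =
    header.split(",")
        .map { it.trim() }
        .filter { it.isNotEmpty() }
        .associate { directive ->
            val name = directive.substringBefore("=").trim().lowercase()
            val value = if ("=" in directive) directive.substringAfter("=").trim().trim('"') else null
            name to value
        }

/** Same key choice as the snippet quoted in the issue: the private case looks up the wrong key. */
fun maxAgeAsReported(header: String, isPrivate: Boolean): Int? {
    val key = if (isPrivate) "s-max-age" else "max-age"
    return parseCacheControl(header)[key]?.toIntOrNull()
}

/** Freshness lifetime in seconds from Cache-Control, or null when this cache has none to apply. */
fun freshnessLifetime(header: String, sharedCache: Boolean): Int? {
    val directives = parseCacheControl(header)
    if ("no-store" in directives) return null
    // A shared cache must not reuse a response marked private for another user.
    if (sharedCache && "private" in directives) return null
    // Exact name match; malformed or negative values are ignored instead of throwing.
    val maxAge = directives["max-age"]?.toIntOrNull()?.takeIf { it >= 0 }
    if (!sharedCache) return maxAge // private cache: s-maxage does not apply
    val sMaxAge = directives["s-maxage"]?.toIntOrNull()?.takeIf { it >= 0 }
    return sMaxAge ?: maxAge // shared cache: s-maxage overrides max-age
}

fun main() {
    // Constructed sample headers.
    val samples = listOf(
        "max-age=3600, private",
        "public, max-age=60, s-maxage=600",
        "max-age=abc",
        "no-store, max-age=3600"
    )
    for (h in samples) {
        println("$h -> reported(private)=${maxAgeAsReported(h, true)} " +
            "private=${freshnessLifetime(h, false)} shared=${freshnessLifetime(h, true)}")
    }
}
```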