Page MenuHomePhabricator

Clean up Cache-Control handling in MediaWiki
Open, Needs TriagePublic

Description

MediaWiki controllers which do not use the normal header handling of OutputPage (call OutputPage::disable(), or do not use OutputPage at all) do their own implementation of "don't cache if the user is authenticated". There are many ways to get that wrong, and several controllers do. This task is about cleaning them up.

AjaxResponse (see T42787: Remove legacy ajax interface) also has code for enabling caching, but it does not seem reachable.

TODO: add other stuff here from T256395#6298796

Event Timeline

Tgr created this task.Jul 10 2020, 7:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 10 2020, 7:55 PM
Tgr updated the task description. (Show Details)Jul 10 2020, 8:11 PM
Tgr updated the task description. (Show Details)Jul 11 2020, 12:11 AM
Tgr updated the task description. (Show Details)Jul 11 2020, 12:57 AM
Tgr updated the task description. (Show Details)Jul 11 2020, 8:59 PM
ema added a subscriber: ema.Jul 13 2020, 1:34 PM

Not sure if this is the right task to mention the issue, but I've observed this:

$ curl -v -H "Cookie: centralauth_User=REDACTED; centralauth_Token=REDACTED" -H "Host: it.wikipedia.org" 'https://appservers-ro.discovery.wmnet/w/index.php?title=MediaWiki:Templateslist.js&action=raw&ctype=text/javascript ' 2>&1 | grep Cache-Control
< Cache-Control: private, s-maxage=300, max-age=1209600

Here s-maxage=300 does not make much sense: Cache-Control: private means that the object must not be stored by a shared cache. The s-maxage directive applies to shared caches, so it should be either absent or 0 for objects with CC:private.

Tgr updated the task description. (Show Details)Jul 13 2020, 1:53 PM