Page MenuHomePhabricator

Suppressed edit summary remains cached in revision view while not logged in
Closed, ResolvedPublic


Author: oversight-wp

Bug replicated at

The suppressed edit summary of diff 488463573 is visible while not logged in, as it remains cached inside the system.

This is achieved only when an Anonymous editor views the URL first *before* it was suppressed. If it is done after, this bug is not replicated.

Not a good thing since suppression is used at times to deal with time-sensitive issues of personal info.

Version: unspecified
Severity: major



Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:26 AM
bzimport set Reference to bz36142.

oversight-wp wrote:

Just received a second complaint that with the same situation above, that the editor/IP name also remains cached and viewable by anonymous/logged-out users even after it has been suppressed.

Aaron, can you advise on how we should handle this (if we can)? I guess we would have to send out an htcp purge on delete, but sounds like we'd have to do it for every permutation of bad revision and good revision in the revision list.

I assume that diffs can probably just send nocache headers to the squids.

(In reply to comment #3)

I assume that diffs can probably just send nocache headers to the squids.

Yes, I suppose that would be the simplest solution, although it seems sad to reduce site performance in exchange for supporting such a rarely used feature.