Closed
Bug 373148
Opened 17 years ago
Closed 17 years ago
NetScaler caching comment author information
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: reed, Assigned: oremj)
References
()
Details
When I went to look at the new "planet" blog on blog.mozilla.com and scrolled down to the comment box, I see that the fields already have been pre-filled with sayrer's personal information, including his name, e-mail address, and website. This is Just Bad(tm). The NetScaler should not be caching pages that include the comment box.
Comment 1•17 years ago
|
||
More specifically, wordpress should send no-cache headers for things that shouldn't be cached - netscaler is doing what it's supposed to. Given we probably won't get a code change from wp, we'll have to put in an explicit exclude to deal with wp's deficiencies. Reed - can you narrow it down to a set of urls that should be excluded?
Reporter | ||
Comment 2•17 years ago
|
||
Well, I can give you the opposite. Basically, the NS can cache http://blog.mozilla.com and any of the blogs directly under it (such as http://blog.mozilla.com/planet/). Anything that goes more detailed than those two urls should not be cached.
Assignee | ||
Updated•17 years ago
|
Assignee: server-ops → oremj
Comment 3•17 years ago
|
||
Justin's exactly right - grabbing /planet/2007/03/07/welcome-to-the-planet-blog/ from blog.mozilla.com and from mrapp02 shows the "go ahead and cache me" headers. mrz@boris [~/] 29> cat from-blogs HTTP/1.1 200 OK Date: Thu, 08 Mar 2007 09:43:32 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 X-totalblogs: 23 X-rootblog: http://blog.mozilla.com/ X-created-on: 2007-03-07 18:31:35 X-Pingback: http://blog.mozilla.com/planet/xmlrpc.php Status: 200 OK Cache-Control: max-age=60 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 mrz@boris [~/] 30> cat from-mrapp02 HTTP/1.1 200 OK Date: Thu, 08 Mar 2007 09:43:43 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 X-totalblogs: 23 X-rootblog: http://blog.mozilla.com/ X-created-on: 2007-03-07 18:31:35 X-Pingback: http://blog.mozilla.com/planet/xmlrpc.php Status: 200 OK Cache-Control: max-age=60 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
Comment 4•17 years ago
|
||
(In reply to comment #2) > Well, I can give you the opposite. Basically, the NS can cache > http://blog.mozilla.com and any of the blogs directly under it (such as > http://blog.mozilla.com/planet/). Anything that goes more detailed than those > two urls should not be cached. I don't know if I agree with that - that's saying that none of the blog entries should ever be cached. So this, http://blog.mozilla.com/planet/2007/03/07/welcome-to-the-planet-blog/ Shouldn't get in the cache? And can't imagine why the form would be pre-filled out (since that's not in the html src, is it?) - none of the browsers I have show it filled out.
Comment 5•17 years ago
|
||
(In reply to comment #4) > > And can't imagine why the form would be pre-filled out This is happening because a successful comment POST request is greeted with a 30x response containing a Set-Cookie header. The browser dutifully sends a GET to the redirect URI along with the Cookie: value it just received, and that response (with pre-populated form values) is cached. The netscaler sounds pretty aggressive. Strictly speaking, WordPress should send a response header of "Vary: Cookie" for individual posts, but I don't think things like Squid fall for this one.
Assignee | ||
Comment 6•17 years ago
|
||
In this situation the app should now send no-cache headers.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•