Closed Bug 373148 Opened 18 years ago Closed 18 years ago

NetScaler caching comment author information

Categories

(mozilla.org Graveyard :: Server Operations, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: reed, Assigned: oremj)

References

()

Details

When I went to look at the new "planet" blog on blog.mozilla.com and scrolled down to the comment box, I see that the fields already have been pre-filled with sayrer's personal information, including his name, e-mail address, and website. This is Just Bad(tm). The NetScaler should not be caching pages that include the comment box.
More specifically, wordpress should send no-cache headers for things that shouldn't be cached - netscaler is doing what it's supposed to. Given we probably won't get a code change from wp, we'll have to put in an explicit exclude to deal with wp's deficiencies. Reed - can you narrow it down to a set of urls that should be excluded?
Well, I can give you the opposite. Basically, the NS can cache http://blog.mozilla.com and any of the blogs directly under it (such as http://blog.mozilla.com/planet/). Anything that goes more detailed than those two urls should not be cached.
Assignee: server-ops → oremj
Justin's exactly right - grabbing /planet/2007/03/07/welcome-to-the-planet-blog/ from blog.mozilla.com and from mrapp02 shows the "go ahead and cache me" headers. mrz@boris [~/] 29> cat from-blogs HTTP/1.1 200 OK Date: Thu, 08 Mar 2007 09:43:32 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 X-totalblogs: 23 X-rootblog: http://blog.mozilla.com/ X-created-on: 2007-03-07 18:31:35 X-Pingback: http://blog.mozilla.com/planet/xmlrpc.php Status: 200 OK Cache-Control: max-age=60 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 mrz@boris [~/] 30> cat from-mrapp02 HTTP/1.1 200 OK Date: Thu, 08 Mar 2007 09:43:43 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 X-totalblogs: 23 X-rootblog: http://blog.mozilla.com/ X-created-on: 2007-03-07 18:31:35 X-Pingback: http://blog.mozilla.com/planet/xmlrpc.php Status: 200 OK Cache-Control: max-age=60 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
(In reply to comment #2) > Well, I can give you the opposite. Basically, the NS can cache > http://blog.mozilla.com and any of the blogs directly under it (such as > http://blog.mozilla.com/planet/). Anything that goes more detailed than those > two urls should not be cached. I don't know if I agree with that - that's saying that none of the blog entries should ever be cached. So this, http://blog.mozilla.com/planet/2007/03/07/welcome-to-the-planet-blog/ Shouldn't get in the cache? And can't imagine why the form would be pre-filled out (since that's not in the html src, is it?) - none of the browsers I have show it filled out.
(In reply to comment #4) > > And can't imagine why the form would be pre-filled out This is happening because a successful comment POST request is greeted with a 30x response containing a Set-Cookie header. The browser dutifully sends a GET to the redirect URI along with the Cookie: value it just received, and that response (with pre-populated form values) is cached. The netscaler sounds pretty aggressive. Strictly speaking, WordPress should send a response header of "Vary: Cookie" for individual posts, but I don't think things like Squid fall for this one.
In this situation the app should now send no-cache headers.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.