gamzinav/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
haproxy/doc
History
William Lallemand 8a16fe0d05 BUG/MEDIUM: cache: don't cache when an Authorization header is present 
RFC 7234 says:

A cache MUST NOT store a response to any request, unless:
[...] the Authorization header field (see Section 4.2 of [RFC7235]) does
      not appear in the request, if the cache is shared, unless the
      response explicitly allows it (see Section 3.2), [...]

In this patch we completely disable the cache upon the receipt of an
Authorization header in the request. In this case it's not possible to
either use the cache or store into the cache anymore.

Thanks to Adam Eijdenberg of Digital Transformation Agency for raising
this issue.

This patch must be backported to 1.8.
2018-05-23 10:36:44 +02:00
..
design-thoughts
MAJOR: tproxy: remove support for cttproxy
2015-08-20 19:35:14 +02:00
internals
DOC: add some description of the pending rework of the buffer structure
2018-05-18 16:18:17 +02:00
lua-api
MINOR: lua: add get_maxconn and set_maxconn to LUA Server class.
2018-05-03 18:53:42 +02:00
51Degrees-device-detection.txt
DOC: 51d: Updated git URL and instructions for getting Hash Trie data files.
2017-10-06 16:47:25 +02:00
acl.fig
[DOC] add diagrams of queuing and future ACL design
2009-02-22 16:46:38 +01:00
architecture.txt
DOC: fix "workaround" spelling
2016-01-15 10:27:09 +01:00
close-options.txt
[DOC] add a few old and uncommitted docs
2011-09-05 01:04:44 +02:00
coding-style.txt
DOC: update coding-style to reference checkpatch.pl
2015-09-21 16:45:45 +02:00
configuration.txt
BUG/MEDIUM: cache: don't cache when an Authorization header is present
2018-05-23 10:36:44 +02:00
cookie-options.txt
[DOC] add a few old and uncommitted docs
2011-09-05 01:04:44 +02:00
DeviceAtlas-device-detection.txt
DOC: move the device detection modules documentation to their own files
2016-11-08 15:06:21 +01:00
gpl.txt
[LICENSE] licensing clarifications
2006-06-15 21:48:13 +02:00
haproxy.1
MINOR: doc: document the -x flag
2017-04-13 19:15:17 +02:00
intro.txt
DOC/MINOR: intro: typo, wording, formatting fixes
2017-12-20 07:01:36 +01:00
lgpl.txt
[LICENSE] licensing clarifications
2006-06-15 21:48:13 +02:00
linux-syn-cookies.txt
DOC: add doc/linux-syn-cookies.txt
2015-08-11 12:17:41 +02:00
lua.txt
DOC: lua: update the links to the config and Lua API
2018-04-19 15:12:26 +02:00
management.txt
MINOR: ssl: Add payload support to "set ssl ocsp-response"
2018-04-26 14:20:09 +02:00
netscaler-client-ip-insertion-protocol.txt
MEDIUM: netscaler: add support for standard NetScaler CIP protocol
2017-12-20 07:04:07 +01:00
network-namespaces.txt
MAJOR: namespace: add Linux network namespace support
2014-11-21 07:51:57 +01:00
peers-v2.0.txt
MINOR: stick-tables: Adds support for new "gpc1" and "gpc1_rate" counters.
2018-01-31 09:40:05 +01:00
peers.txt
DOC: fix mangled version in peers protocol documentation
2017-11-24 18:10:24 +01:00
proxy-protocol.txt
DOC: mention lighttpd 1.4.46 implements PROXY
2017-04-05 08:42:39 +02:00
queuing.fig
[DOC] add diagrams of queuing and future ACL design
2009-02-22 16:46:38 +01:00
SPOE.txt
DOC: spoe: fix a typo
2018-05-18 15:05:17 +02:00
WURFL-device-detection.txt
DOC: move the device detection modules documentation to their own files
2016-11-08 15:06:21 +01:00