Commit d44e497b authored by Crell's avatar Crell
Browse files

Port Drupal's default HTTP headers to a response listener.

parent 171fdb44
......@@ -2326,11 +2326,6 @@ function _drupal_bootstrap_variables() {
*/
function _drupal_bootstrap_page_header() {
bootstrap_invoke_all('boot');
if (!drupal_is_cli()) {
ob_start();
drupal_page_header();
}
}
/**
......
......@@ -31,6 +31,43 @@ public function onRespond(FilterResponseEvent $event) {
// Set the Content-language header.
$response->headers->set('Content-language', drupal_container()->get(LANGUAGE_TYPE_INTERFACE)->langcode);
// Because pages are highly dynamic, set the last-modified time to now
// since the page is in fact being regenerated right now.
// @todo Remove this and use a more intelligent default so that HTTP
// caching can function properly.
$response->headers->set('Last-Modified', gmdate(DATE_RFC1123, REQUEST_TIME));
// Also give each page a unique ETag. This will force clients to include
// both an If-Modified-Since header and an If-None-Match header when doing
// conditional requests for the page (required by RFC 2616, section 13.3.4),
// making the validation more robust. This is a workaround for a bug in
// Mozilla Firefox that is triggered when Drupal's caching is enabled and
// the user accesses Drupal via an HTTP proxy (see
// https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an
// authenticated user requests a page, and then logs out and requests the
// same page again, Firefox may send a conditional request based on the
// page that was cached locally when the user was logged in. If this page
// did not have an ETag header, the request only contains an
// If-Modified-Since header. The date will be recent, because with
// authenticated users the Last-Modified header always refers to the time
// of the request. If the user accesses Drupal via a proxy server, and the
// proxy already has a cached copy of the anonymous page with an older
// Last-Modified date, the proxy may respond with 304 Not Modified, making
// the client think that the anonymous and authenticated pageviews are
// identical.
// @todo Remove this line as no longer necessary per
// http://drupal.org/node/1573064
$response->headers->set('ETag', '"' . REQUEST_TIME . '"');
// Authenticated users are always given a 'no-cache' header, and will fetch
// a fresh page on every request. This prevents authenticated users from
// seeing locally cached pages.
// @todo Revisit whether or not this is still appropriate now that the
// Response object does its own cache control procesisng and we intend to
// use partial page caching more extensively.
$response->headers->set('Expires', 'Sun, 19 Nov 1978 05:00:00 GMT');
$response->headers->set('Cache-Control', 'no-cache, must-revalidate, post-check=0, pre-check=0');
}
/**
......
......@@ -191,7 +191,7 @@ class BootstrapPageCacheTestCase extends DrupalWebTestCase {
$this->drupalGet('system-test/set-header', array('query' => array('name' => 'Foo', 'value' => 'bar')));
$this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), t('Caching was bypassed.'));
$this->assertTrue(strpos($this->drupalGetHeader('Vary'), 'Cookie') === FALSE, t('Vary: Cookie header was not sent.'));
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate, post-check=0, pre-check=0', t('Cache-Control header was sent.'));
$this->assertEqual($this->drupalGetHeader('Cache-Control'), 'must-revalidate, no-cache, post-check=0, pre-check=0, private', t('Cache-Control header was sent.'));
$this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', t('Expires header was sent.'));
$this->assertEqual($this->drupalGetHeader('Foo'), 'bar', t('Custom header was sent.'));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment