Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: unsafe methods not causing cache purge #3739

Merged
merged 4 commits into from
Oct 19, 2024

Conversation

flakey5
Copy link
Member

@flakey5 flakey5 commented Oct 16, 2024

Fixes bug introduced in #3733 where unsafe methods no longer make it to the cache handler and cause a cache purge for an origin.

Also removes a duplicate test file.

cc @mcollina @Uzlopak

Fixes bug introduced in nodejs#3733 where unsafe methods no longer make it to
the cache handler and cause a cache purge for an origin.

Also removes a duplicate test file.

Signed-off-by: flakey5 <73616808+flakey5@users.noreply.github.com>
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Copy link
Contributor

@Uzlopak Uzlopak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have to review

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 16, 2024

I think there is a bigger issue here.

lib/interceptor/cache.js Outdated Show resolved Hide resolved
@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 16, 2024

According to my assessment the whole logic is flawed.

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 16, 2024

provided an alternative PR #3739

cache

Signed-off-by: flakey5 <73616808+flakey5@users.noreply.github.com>
@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 16, 2024

What is the point of "methods" if you ignore it basically?

@flakey5
Copy link
Member Author

flakey5 commented Oct 16, 2024

What is the point of "methods" if you ignore it basically?

It isn't being ignored, the check at the beginning of each request is all it's needed for

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 17, 2024

I thought about it and I think the methods option makes not much sense.

lets say you have array safeMethods with values [A,B] and methods with values [B]

So method is

A => [A,B].includes(A) && !([B].includes(A)) => true && true => true
B => [A,B].includes(B) && !([B].includes(B)) => true && false => false
C => [A,B].includes(C) && !([B].includes(C)) => false && true => false

But what if I want to add in the future e.g. PROPFIND, which should be in theory a safe method (also ignore the fact that we would throw now a TypeError)

I add methods to PROPFIND but it wont work, because it is not in the safeMethods Array. I would purge the cache even if I added PROPFIND to the methods array.

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 17, 2024

I think you partially convinced me.

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 17, 2024

We could safe the two includes by generating ONE array

const safeMethodsToNotCache = util.safeHTTPMethods.filter(method => methods.includes(method) === false)

safeMethods would be [A,B], methods would be [B], so the resulting safeMethodToNotCache would be [A]

then the table would look like:

A => [A].includes(A) => true
B => [A].includes(B) => false
C => [A].includes(C) => false

Copy link
Collaborator

@Ethan-Arrowood Ethan-Arrowood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure why the cache-interceptor/interceptor.js was deleted. I'd prefer slightly more test coverage, but wont block on that. lgtm otherwise

test/interceptors/cache.js Outdated Show resolved Hide resolved
@flakey5
Copy link
Member Author

flakey5 commented Oct 17, 2024

@Uzlopak @Ethan-Arrowood the deleted test file was a duplicate - it still exists under test/interceptors/cache.js

@Uzlopak
Copy link
Contributor

Uzlopak commented Oct 18, 2024

please adapt the code regarding the one array includes check.

Signed-off-by: flakey5 <73616808+flakey5@users.noreply.github.com>
@flakey5
Copy link
Member Author

flakey5 commented Oct 18, 2024

But what if I want to add in the future e.g. PROPFIND

I do think something like the safeMethods option you were talking about would be valuable for this, but I'm not sure how well that behavior falls into the scope of this pr. This pr (and the original caching pr) was mainly targeting the methods specified as safe in the http semantics spec (9.2.1)

I do think it'd be a good idea to make an issue or pr to talk about supporting methods that were defined in extension specs though

Copy link
Contributor

@Uzlopak Uzlopak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Uzlopak Uzlopak merged commit 3030506 into nodejs:main Oct 19, 2024
27 of 31 checks passed
@github-actions github-actions bot mentioned this pull request Dec 3, 2024
This was referenced Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants