Contrib.social

Use s-maxage instead of max-age

Open on Drupal.org →
Created on 27 March 2023, about 2 years ago

Problem/Motivation

The max-age directive applies to every cache (browser and reverse proxy) whereas s-maxage applies only to shared cache (reverse proxy).
This is usually not a problem when using a reverse proxy like Varnish because you can remove the max-age from the response before the browser gets it.

However if for some reason, the response header is not altered before the browser receives it, it will get the max-age directive and will keep the page in its cache for up to a year.
This a problem because then there is no way for the server to invalidate the browser cache.

(I'm assuming that people usually use a long cache duration with this module, because the page will be invalidated with cache tags when it changes.)

Steps to reproduce

We have this configuration in system.performance:

cache:
  page:
    max_age: 31536000

When deploying our website on a server with Varnish, it works fine.
But if for some reason, the Varnish config decides to let the response pass directly to the browser return(pass), the browser will cache it for a year, which is usually not what we want.

Proposed resolution

IMHO this module should return max-age=0, s-maxage=31536000 for permanently cacheable pages.
This way, it would make it explicit that the request must be cached by shared caches but not by the browser.

Feature request
Status

Active

Version

2.0

Component

Code

Created by

🇫🇷France prudloff Lille

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @prudloff
  • @prudloff opened merge request.
  • Status changed to Needs review about 2 years ago
  • Comment about 2 years ago
    🇫🇷France prudloff Lille

    I submitted a MR that makes the module always use s-max-age.
    But I guess this would be considered a breaking change and would need to be behind a specific setting?

  • Status changed to RTBC 21 days ago
  • Comment 21 days ago
    🇫🇷France arousseau

    I tested the changes from this MR on the latest 2.0.1

    Displaying a simple test block with a hard-coded cache max-age of 36, the header went from :
    cache-control
    max-age=36, public

    to :
    cache-control
    max-age=0, must-revalidate, public, s-maxage=36

    Works as advertised.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024