From 9e61cec7915ca177e88bd685a3229f153ee7ab7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Tue, 19 Mar 2019 15:49:55 +0100
Subject: Network cache: Stop treating no-cache like no-store

In the QNetworkAccessManager machinery we would treat "no-cache" as if
it meant "don't cache" while in reality it means "don't return these
cached elements without making sure they're up-to-date"

At the same time as this change is made let's add test data for
"no-store", which replaces the "no-cache" test data.

Fixes: QTBUG-71896
Change-Id: Ieda98f3982884ccc839cac2420c777968c786f6e
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mikhail Svetkin <mikhail.svetkin@qt.io>
---
 src/network/access/qabstractnetworkcache.cpp      |  4 ++--
 src/network/access/qnetworkaccesscachebackend.cpp | 17 +++++++++--------
 src/network/access/qnetworkreplyhttpimpl.cpp      | 14 +++-----------
 3 files changed, 14 insertions(+), 21 deletions(-)

(limited to 'src/network')

diff --git a/src/network/access/qabstractnetworkcache.cpp b/src/network/access/qabstractnetworkcache.cpp
index 2b670b2cce..9afb99f23f 100644
--- a/src/network/access/qabstractnetworkcache.cpp
+++ b/src/network/access/qabstractnetworkcache.cpp
@@ -191,8 +191,8 @@ bool QNetworkCacheMetaData::isValid() const
     Some cache implementations can keep these cache items in memory for performance reasons,
     but for security reasons they should not be written to disk.
 
-    Specifically with http, documents marked with Pragma: no-cache, or have a Cache-control set to
-    no-store or no-cache or any https document that doesn't have "Cache-control: public" set will
+    Specifically with http, documents with Cache-control set to no-store or any
+    https document that doesn't have "Cache-control: public" set will
     set the saveToDisk to false.
 
     \sa setSaveToDisk()
diff --git a/src/network/access/qnetworkaccesscachebackend.cpp b/src/network/access/qnetworkaccesscachebackend.cpp
index 0c9a88596d..22fdc5bb0b 100644
--- a/src/network/access/qnetworkaccesscachebackend.cpp
+++ b/src/network/access/qnetworkaccesscachebackend.cpp
@@ -87,15 +87,16 @@ bool QNetworkAccessCacheBackend::sendCacheContents()
     setAttribute(QNetworkRequest::HttpReasonPhraseAttribute, attributes.value(QNetworkRequest::HttpReasonPhraseAttribute));
 
     // set the raw headers
-    QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders();
-    QNetworkCacheMetaData::RawHeaderList::ConstIterator it = rawHeaders.constBegin(),
-                                                       end = rawHeaders.constEnd();
-    for ( ; it != end; ++it) {
-        if (it->first.toLower() == "cache-control" &&
-            it->second.toLower().contains("must-revalidate")) {
-            return false;
+    const QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders();
+    for (const auto &header : rawHeaders) {
+        if (header.first.toLower() == "cache-control") {
+            const QByteArray cacheControlValue = header.second.toLower();
+            if (cacheControlValue.contains("must-revalidate")
+                || cacheControlValue.contains("no-cache")) {
+                return false;
+            }
         }
-        setRawHeader(it->first, it->second);
+        setRawHeader(header.first, header.second);
     }
 
     // handle a possible redirect
diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
index d4d3a21a7a..2d7649fa61 100644
--- a/src/network/access/qnetworkreplyhttpimpl.cpp
+++ b/src/network/access/qnetworkreplyhttpimpl.cpp
@@ -524,6 +524,8 @@ bool QNetworkReplyHttpImplPrivate::loadFromCacheIfAllowed(QHttpNetworkRequest &h
         QHash<QByteArray, QByteArray> cacheControl = parseHttpOptionHeader(it->second);
         if (cacheControl.contains("must-revalidate"))
             return false;
+        if (cacheControl.contains("no-cache"))
+            return false;
     }
 
     QDateTime currentDateTime = QDateTime::currentDateTimeUtc();
@@ -1730,18 +1732,8 @@ QNetworkCacheMetaData QNetworkReplyHttpImplPrivate::fetchCacheMetaData(const QNe
     if (httpRequest.operation() == QHttpNetworkRequest::Get) {
 
         canDiskCache = true;
-        // 14.32
-        // HTTP/1.1 caches SHOULD treat "Pragma: no-cache" as if the client
-        // had sent "Cache-Control: no-cache".
-        it = cacheHeaders.findRawHeader("pragma");
-        if (it != cacheHeaders.rawHeaders.constEnd()
-            && it->second == "no-cache")
-            canDiskCache = false;
-
         // HTTP/1.1. Check the Cache-Control header
-        if (cacheControl.contains("no-cache"))
-            canDiskCache = false;
-        else if (cacheControl.contains("no-store"))
+        if (cacheControl.contains("no-store"))
             canDiskCache = false;
 
     // responses to POST might be cacheable
-- 
cgit v1.2.3