[HttpKernel] Fix regression where Store does not return response body correctly #37182
+60
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nicolas-grekas
changed the title
nicolas-grekas
approved these changes
Jun 11, 2020
fabpot
approved these changes
Jun 11, 2020
| * | ||
| * A restored response does *not* load the body, but only keep the file path in a special X-Body-File | ||
| * header. For reasons (?), the file path was also used as the restored response body. | ||
| * It would be up to others (HttpCache...?) to hohor this header and actually load the response content |
Member
|
Thank you @mpdude. |
| * | ||
| * @param array $headers An array of HTTP headers for the Response | ||
| * @param string $body The Response body | ||
| * @param string $path Path to the Response body |
This was referenced Jun 12, 2020
Merged
Merged
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since #36833, the
Storeno longer uses or trusts theX-Content-Digestheader present on a response, since that may come (in the case of usingCachingHttpClient) from upstream HTTP sources. Instead, theX-Content-Digestis re-computed every time a response is written by theStore.Additionally, the
Storeis implemented in a way that when restoring responses, it does not actually load the response body, but just keeps the file path to the content on disk in another internal header calledX-Body-File. It is up to others (HttpCache, for example) to actually load the content from there. For reasons I could not determine, the file path is also set as the response body.When the
HttpCacheperforms revalidations, it may happen that it wants theStoreto persist a previously restored response. In that case, theStorefails to honor its ownX-Body-Fileheader. Instead, it would compute (since #36833) theX-Content-Digest, which now is a hash of the cache file path.So, we end up with a response that still carries
X-Body-Filefor the original, correct response. Since theHttpCachehonors this value, we don't immediately notice that. But inside theStore, the request is now associated with the new (bogus) content entry.It takes another round of looking up the content in the
Storeto now get a response where theX-Body-Filealso points to the wrong content entry.Although I feel a bit uncomfortable with trusting headers that seemingly need to be evaluated in different classes and may come from elsewhere, my suggestion is to skip the write inside
StoreifX-Body-FileandX-Content-Digestare both present and consistent with each other.Additionally, a
file_existscheck could be added to provide additional assertions, at the cost of accessing the filesystem.