Closed rhysemmerson closed 2 years ago
When making a request with an unsafe method, all keys for that url should be invalidated.
GET /users # MISS result stored in cache POST /users GET /users # MISS
Only the key for the unsafe method is invalidated.
GET /users # MISS result stored in cache POST /users GET /users # HIT
One obvious solve would be to not use the request method in cache key, this wouldn't allow caching multiple methods though.
Alternatively the middleware could modify the request based on a configured set of methods and invalidate those methods.
private function invalidateCache(RequestInterface $request, ResponseInterface $response) { $this->cacheStorage->delete($request); foreach ($this->invalidateMethods as $method) { $this->cacheStorage->delete($request->withMethod($method)); } return $response->withHeader(self::HEADER_INVALIDATION, true); }
This is a good point! Do you want to make a PR for this? Link to the RFC about this: https://datatracker.ietf.org/doc/html/rfc7234#section-4.4
Expected behaviour
When making a request with an unsafe method, all keys for that url should be invalidated.
Actual Behaviour
Only the key for the unsafe method is invalidated.
Potential solutions
One obvious solve would be to not use the request method in cache key, this wouldn't allow caching multiple methods though.
Alternatively the middleware could modify the request based on a configured set of methods and invalidate those methods.