In an attempt to master HTTP cache, I'm currently trying to craft an HTTP response saying "Once you've got it, cache it forever".
Here's what it looks like (PHP):
<?php
header('Cache-Control: max-age=31536000, immutable, only-if-cached');
sleep(2);
echo date('H:i:s');
exit;
Unfortunately, neither Chrome (when hit directly), neither Cloudflare (when proxied) wants to serve from cache.
Full response headers received from origin:
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 30 Mar 2020 16:54:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=31536000, immutable, only-if-cached
Content-Encoding: gzip
What am I doing wrong?
Related
So I've got a server to server application. The PHP script on server 1, domain 1 sets a custom header in the page (Authorization: Bearer 123456789). The script on server 2, domain 2 uses get_headers() to read the headers.
It all works fine when the files are served natively. But when the script on server 1 is included in a Joomla module get_headers() doesn't retrieve the custom header.
In both cases, developer tools shows the custom header but also some different headers than returned by get_headers().
The code below uses JFactory to set the headers if Joomla is loaded but it is the same result using header(). Joomla just isn't passing the custom header.
I don't get it. Anyone have any idea what is going on here? Its not a SEF or htaccess issue.
<?php
// Server 1
if(!class_exists("JFactory")){ // no Joomla
header('Authorization: Bearer 123456789');
} else { // Joomla framework loaded
$app = JFactory::getApplication();
$app->setHeader('Authorization: ', 'Bearer 123456789');
$app->sendHeaders();
}
The code on server 2:
<?php
// Server 2
$headers = get_headers("http://server1.com/");
foreach($headers as $header) {
echo $header ."<br/>";
}
Output from get_headers() when served natively:
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2017 12:44:35 GMT
Server: Apache
Authorization: Bearer 123456789
Content-Length: 0
Connection: close
Content-Type: text/html
Output from get_headers() when served by Joomla:
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2017 12:45:49 GMT
Server: Apache
Set-Cookie: 3c460b3da9ecb202e794816b4144c6ff=ja7mn4b4njov98lsv76kk8pvu2; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 1264
Connection: close
Content-Type: text/html
Native headers displayed by developer tools:
Authorization: Bearer 123456789
Date: Thu, 19 Jan 2017 13:07:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0
Content-Type: text/html
200 OK
Joomla headers displayed by developer tools:
Pragma: no-cache
Date: Thu, 19 Jan 2017 12:19:24 GMT
Last-Modified: Thu, 19 Jan 2017 12:19:25 GMT
Server: Apache
Authorization: : Bearer 123456789
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 76888
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Remove double dot from setheader call :
$app = JFactory::getApplication();
$app->setHeader('Authorization', 'Bearer 123456789');
$app->sendHeaders();
Thanks for the suggestion Yoleth. I tested this and got the same result.
However I have found the problem. The Joomla site setting the header is using a component called Site Lock. This is similar to putting the site off line but has some nice features for developers.
Basically Site Lock was preventing the page being served and just returning the headers from the lock page (as it should). I don't know why I didn't see it earlier. Sometimes just can't see the forest for the trees!
Maybe it's the jetlag, but I'm failing to make PHP/HHVM give me the Content-Type header when I need it.
I've deployed the full stack (MySQL, HHVM, Nginx) on a Vagrant machine and I've managed to reproduce the issue on a test script:
<?php
$file='/usr/share/doc/iptables/html/NAT-HOWTO.html'; # random test file
header('Content-Length: ' . filesize($file));
echo(readfile($file));
?>
If you examine the headers with curl:
hostname:~ jsimpson$ curl -I http://vagrant/test.php
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 16 Sep 2014 22:09:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2592
Connection: keep-alive
X-Powered-By: HHVM/3.2.0
Content-Encoding: none;
We have a content length header. However if we hit the same URL from Chrome, and get the headers from the Dev tools:
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 16 Sep 2014 22:14:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: HHVM/3.2.0
Content-Encoding: gzip
No Content-Length header. I've also packet sniffed this to verify that the header isn't sent. I can switch to PHP FPM and it sends the header.
I reproduced the issue by hitting the server with:
curl -H 'Accept-Encoding: gzip,deflate' --compressed -v http://foo/bar
HHVM enables compression by default. Disabling that gave me the header back.
Everything was awesome after adding this to /etc/hhvm/server.ini
hhvm.server.gzip_compression_level = 0
I stumbled upon this issue/feature. Not running HHVM though. Pure nginx + PHP-FPM.
The thing is, if your PHP app calculates and sets Content-Lenght header field, and your nginx is configured to gzip content, it will just ditch this information and replace it by Chunked transfer encoding and GZIP headers.
So do not set GZIP to a very small buffers, default is 20 bytes which does quite the opposite (end result is larger then before GZIP compression).
I set it like this:
gzip_min_length 1024;
I could reduce my problem to the following script I put on my server:
<?php
session_start();
header('Content-type: text/plain', TRUE);
flush();
sleep(300);?>
When I connect to this script using:
GET /test.php HTTP/1.1
Host: localhost
I get the header back right away as expected:
HTTP/1.1 200 OK
Date: Sat, 03 Nov 2012 20:15:53 GMT
Server: Apache/2.2.22 (Fedora)
X-Powered-By: PHP/5.3.17
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Set-Cookie: PHPSESSID=m7bmvblakkil96rqjq7j8f0f42; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
If I then kill the connection and reconnect using:
GET /proxy/test.php HTTP/1.1
Host: localhost
Cookie: PHPSESSID=knkeaq2ao0cllpcci0rnassqj4
I don't get any header back anymore until I restart my webserver.
I would have expected to again retrieve the response header right away.
I have really no idea why I get this behavior. Maybe it's some kind of a bug? Or I'm misunderstanding some behavior.
It would be great if somebody could help me with this as I really don't have a clue what's going on.
Ps:
Im running Apache/2.2.22 with PHP 5.3.17 on fedora 17, but the server packages are out of the fedora 16 repos as I need zend debugger which does not work with the PHP coming with fedora 17.
Because your session is still open in the first request (for 300 seconds) you cannot start using it in the second. It will wait until the first session is closed and written to the file-system before it will attempt to read it for the second request. Because you cannot be sure the first request wants to modify the same session-variables which are already in use by the second request.
You can use session_write_close() before the sleep so that the session variables become available immediatly. But then you cannot change any session variables after that.
I'm trying the understand local cache with ETags and a nginx (1.2.1) server which redirects php's request to a php-cgi deamon.
Here my simple index.php :
<?php
header('Cache-Control: public');
header('Etag:"5954c6-10f4-449d11713aac0"');
echo microtime(true);
After a second request, my browser send a If-None-Match header :
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Host:cache.loc
If-None-Match:"5954c6-10f4-449d11713aac0"
But my web server doesn't returns a 304 :
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Thu, 12 Jul 2012 11:46:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.12
Cache-Control: public
Etag: "5954c6-10f4-449d11713aac0"
Cache-Control: public
Unless I've misunderstood, my server should compare Etag with the If-None-Match sent and returns a 304 response because they're the same.
Where am I wrong ?
Should I compare Etag with If-None-Match in my PHP script because nginx (or Apache) will not do the job itself ?
Regards,
Manu
If you implement this yourself using php, you are responsible for also sending the 304 Not Modified.
So compare the If-None-Match header with your ETag, and use header() to send back the 304.
I'm using PHP 5.3 and Apache 2.0 to serve a script which adds a number of headers to the output:
header('HTTP/1.1 200 OK');
header("Content-Type: application/json");
header("Last-Modified: $lastmode"); // $lastmod = Tue, 01 Mar 2011 14:56:22 +0000
header("Etag: $etag"); // Etag = 5da02274fcad09a55f4d74467f66a864
Now, all the headers come through except for the Last-Modified and Etag. In my httpd.conf I have the following:
Header unset Cache-Control
Header unset Pragma
But in my response I get:
HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 16:49:10 GMT
Server: Apache/2.2.14 (EL) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5
Keep-Alive: timeout=15, max=8000
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json
Expires: 0
Cache-Control: no-cache
My Last-Modified and Etag headers are gone and we have Cache-Control and Expires in their place.
I should also mention that I have disabled mod_expires to no avail. I am pulling my hair out at this point as no matter what I do the headers are simply not there. What could possibly cause them to be removed?
Thanks,
J
UPDATE: It seems that Apache is adding the additional headers after PHP has shutdown and I would think it's also removing the headers I set above. Registering a shutdown function in PHP and calling apache_response_headers shows:
Pragma=
Expires=
Etag=5da02274fcad09a55f4d74467f66a864
Last-Modified=Tue, 01 Mar 2011 14:56:22 +0000
Keep-Alive=timeout=15, max=8000
Connection=Keep-Alive
Transfer-Encoding=chunked
Content-Type=application/json
To answer my own question it seems that the tool I was using to debug was giving me the grief. It was the mod_expires module causing the problem in the first place but the reason that removing it had no effect was that the proxy I was using to debug the problem (Charles) seems to modify the headers. Once Charles was taken out of the loop my headers were there!