php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40325 Vary: header missing in gzip output handlers
Submitted: 2007-02-02 13:10 UTC Modified: 2007-04-18 19:42 UTC
From: nicolas dot grekas+php at gmail dot com Assigned: mike (profile)
Status: Closed Package: Zlib related
PHP Version: 5.2.0 OS: All
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nicolas dot grekas+php at gmail dot com
New email:
PHP Version: OS:

 

 [2007-02-02 13:10 UTC] nicolas dot grekas+php at gmail dot com
Description:
------------
At least ob_gzhandler, maybe gzip.outputcompress don't send a "Vary: Accept-Encoding" header when browser don't support compression. The result is that intermediate caches may get corrupted.

Reproduce code:
---------------
execute the code bellow with php-cgi :

<?php ob_start('ob_gzhander');

Expected result:
----------------
X-Powered-By: PHP/5.2.0
Content-Type: text/html



Actual result:
--------------
X-Powered-By: PHP/5.2.0
Content-Type: text/html
Vary: Accept-Encoding


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-02-02 13:11 UTC] nicolas dot grekas+php at gmail dot com
Oops : I've switched Expected and Actual results, sorry
 [2007-02-02 15:38 UTC] php_lists at realplain dot com
Just thought I'd add this comment that IE doesn't handle these Vary: headers correctly (breaks caching that would usually be used). :-( See http://lists.over.net/pipermail/mod_gzip/2002-December/006826.html

It's been awhile since I read the details, but maybe you'd want to use "Cache-Control: private" instead or in addition to Vary:?
 [2007-02-02 17:02 UTC] mike@php.net
Thanks, awesome read.
 [2007-02-02 18:44 UTC] nicolas dot grekas+php at gmail dot com
I knew this pb for IE, and the link of php_lists is worth reading. BUT it is NOT related to the bug I was submitting.

IE's bug with Vary header is :
IF (non-compressed-content + Vary-header)
THEN IE-dont-cache-entity

Here is my bug :
IF a resource is negotiated for compression
THEN we MUST send a Vary header.

In fact, for IE, the negotiation made by ob_gzhandler DOES ALREADY send a Vary header. Because negotiation ends to : browser (IE) accepts gzipped content.

So fixing this issue WONT CHANGE ANYTHING FOR IE, but will fix corrupted caches.

Should I explain more deeply the issue ?

Regards,
Nicolas
 [2007-03-21 14:42 UTC] nicolas dot grekas+php at gmail dot com
I'm sorry to insist, but this is for the good of PHP :) This bug is not bogus.

Here is the related RFC2616 HTTP1.1-14.44 excerpt that is not honored by ob_gzhandler : "An HTTP/1.1 server SHOULD include a Vary header field with any cacheable response that is subject to server-driven negotiation.".

In fact today, ob_gzhandler do send a "Vary: Accept-Encoding" header when the client accepts gzip or deflate. (This is the case for example for IE, Gecko, and many browsers.)
BUT : the RFC says that the vary header should be send IF _a_negociation_occurs_. That means that the Vary header is not meant to be send based on the result of any negociation. The point is : if you negociate, then you should send a Vary header, whatever the result of the nego.

What ob_gzhandler actually does is :
negociate, then if gzip/deflate accepted, send a Vary

What it should do is :
send a Vary, then negociate.


This but is in no way related to the bug of IE regarding vary headers : the current conditions requested by ob_gzhandler to send its vary header are always met by IE (accept gzip ? => yes).

Hope it helps
 [2007-04-18 18:43 UTC] mike@php.net
We can't fix this issue, due to the nature of PHP output handlers.

Consider he following code snippet:

<?php
ob_start("ob_gzhandler");
ob_end_clean();
?>

We'll get a plain response plus the Vary header, not really better either.

I'd suggest you to use mod_deflate or f.e. always send the Vary header yourself when using a zlib output handler:

<?php
header("Vary: Accept-Encoding");
ob_start("ob_gzhandler");
?>

 [2007-04-18 19:42 UTC] mike@php.net
It actually was fixable in HEAD. Not possible to MFH though.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Sep 20 07:01:27 2024 UTC