View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0033007mantisbtcode cleanuppublic2023-10-08 06:302023-12-10 07:31
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Target Version2.27.0Fixed in Version2.27.0 
Summary0033007: Remove deprecated and incorrect usage of Pragma: no-cache header
Description

$g_allow_file_cache (if defined) triggers emission of a Pragma: no-cache header, which is not only a deprecated HTTP/1.0 thing that should be replaced with a Cache-Control header, but also an incorrect usage of the directive which is only defined in a request context (not response).

The pragma was added to fix an issue downloading large attachments - it is quite likely that this code is no longer useful nowadays - it was written in 2005.

mantisbt/file_download.php Lines 154 to 164 in 262ecdd

 # To fix an IE bug which causes problems when downloading 
 # attached files via HTTPS, we disable the "Pragma: no-cache" 
 # command when IE is used over HTTPS. 
 global $g_allow_file_cache; 
 if( http_is_protocol_https() && is_browser_internet_explorer() ) { 
    # Suppress "Pragma: no-cache" header. 
 } else { 
    if( !isset( $g_allow_file_cache ) ) { 
        header( 'Pragma: no-cache' ); 
    } 
 }

We can probably get rid of the whole thing.

Additional Information

Originally posted in https://github.com/mantisbt/mantisbt/pull/1925#issuecomment-1729874609

This issue only covers the first part of that note (related to $g_allow_file_cache). Specifically, no further investigation has been made on this:

I don't have time to look into $g_allow_browser_cache in depth right now, but it's slightly less ancient (2008-ish, see 0009323).

TagsNo tags attached.

Activities

dregad

dregad

2023-12-02 10:57

developer   ~0068375

We also issue a Pragma: public header for IE compatibility, it should go away too.
dregad

dregad

2023-12-02 10:58

developer   ~0068376

PR https://github.com/mantisbt/mantisbt/pull/1950

Related Changesets

MantisBT: master 0bfe58b2

2023-12-02 10:49

dregad


Details Diff		 Remove usage of 'Pragma: no-cache' header

It is a deprecated HTTP/1.0 thing that should be replaced with a
Cache-Control header. Additionally we use it in an incorrect way, as the
directive is only defined in a request context (not response).

This was implemented as a workaround for an Internet Explorer bug, and
we don't support this browser anymore.

Fixes 0033007		 Affected Issues
0033007
mod - file_download.php Diff File

MantisBT: master bafd41ed

2023-12-02 10:54

dregad


Details Diff		 Remove 'Pragma: public' header

It was used for Internet Explorer compatibility, and we don't support
this browser anymore.

Fixes 0033007		 Affected Issues
0033007
mod - file_download.php Diff File

MantisBT: master 943f427e

2023-12-03 12:47

dregad


Details Diff		 Remove unused $g_allow_file_cache config

Issue 0033007		 Affected Issues
0033007
mod - config_defaults_inc.php Diff File
mod - core/obsolete.php Diff File
mod - docbook/Admin_Guide/en-US/config/webserver.xml Diff File