Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Discovered by pwolanin & klausi.
STR:
- Install D8.
- Log out.
- Load
/node/5
. This is a 404. - Log in.
- Create node 5 (or anything that is served by
/node/5
, really). - Log out.
- Load
/node/5
. It's still a 404.
Proposed resolution
When installing modules/themes, we already clear all caches, including the render cache, which also invalidates the Page Cache/reverse proxy. So no problem for newly added routes.
Either:
- Don't cache non-2xx responses. But that means that sites can be attacked (DDoS) more easily.
- We should also make sure that 404/403 (generally, non-2xx) responses are invalidated whenever any entity that has a route is saved. Create a "non-2xx-response" cache tag, set it on every non-2xx response, invalidate this cache tag whenever anything happens that may turn a non-2xx in a 2xx. It's okay to invalidate cached non-2xx responses frequently, because they usually have low cache hit ratios anyway.
Remaining tasks
TBD. Unclear if the currently proposed solution is sufficient.
User interface changes
None.
API changes
TBD
Comment | File | Size | Author |
---|---|---|---|
#19 | increment.txt | 1.76 KB | pwolanin |
#19 | 2472281-19.patch | 6.39 KB | pwolanin |
#19 | 2472281-test-only-19.patch | 2.74 KB | pwolanin |
#15 | increment.txt | 4.23 KB | pwolanin |
#15 | 2472281-15.patch | 6.65 KB | pwolanin |
Comments
Comment #1
Wim LeersNote that #2472281: 404/403 responses for non-existing nodes are cached in Page Cache/reverse proxy, are not invalidated when the node is created already gets the basic infrastructure in to fix this.
Comment #2
Wim LeersComment #3
amateescu CreditAttribution: amateescu for Drupal Association commentedIMO this is a problem for every entity type, not just nodes :)
Comment #4
BerdirAnother idea, we could do path based invalidation in the page cache for entities, because after we created them, we know their URL. Not going to be very easy, and it won't work for everything, not sure how to notify reverse proxies and so on...
Also, maybe we want to cache 404/403 for a shorter time in general, in a separate issue?
Comment #5
yched CreditAttribution: yched commentedshorter 404 / 403 ttl ++
Comment #6
pwolanin CreditAttribution: pwolanin at Acquia commentedI think a shorter or different TTL for non-20x is a good idea, but separate issue indeed. The TTL is used by external caches, while here we also need to address Drupal page cache.
Comment #7
pwolanin CreditAttribution: pwolanin at Acquia commentedPossibly handle it in ContentEntityBase (check that the entity has a route in the annotation - e.g. not shortcut) and also in router rebuild.
Comment #8
pwolanin CreditAttribution: pwolanin at Acquia commentedI'm going to try rolling a patch now.
Comment #9
Wim Leers#3: yes, obviously, I was just using a concrete example :)
If we collectively agree that a shorter TTL for non-2xx responses is a good idea, can somebody file an issue for that? :) Thanks!
Comment #10
pwolanin CreditAttribution: pwolanin at Acquia commented@Wim #2472335: Support an independent max-age for 4xx responses
Comment #11
pwolanin CreditAttribution: pwolanin at Acquia commentedThis patch is just for the bot - not complete yet.
Comment #12
pwolanin CreditAttribution: pwolanin at Acquia commentedThis should be more complete, but needs tests.
Comment #13
Wim LeersLooks good already!
Comment #15
pwolanin CreditAttribution: pwolanin at Acquia commentedFixed some bugs - added test, and test-only patch
Comment #16
dawehnerSeems alright for me!
Comment #17
Wim LeersOnly nits.
Unnecessary: page caching is enabled by default.
$this->assertCacheTag('4xx-response');
s/clears/invalidates the/
s/clear/invalidate/
Comment #19
pwolanin CreditAttribution: pwolanin at Acquia commentedfixed test.
Comment #20
Wim LeersPerfect.
Comment #22
alexpottLet's wait on a green test.
Comment #23
Wim LeersGreen :)
Comment #24
alexpottThis issue addresses a major bug and is allowed per https://www.drupal.org/core/beta-changes. Committed afdbe0d and pushed to 8.0.x. Thanks!
Comment #25
catchAlex beat me to it but +1.
Comment #27
znerol CreditAttribution: znerol commentedFollow-up: #2474835: Random test fail in PageCacheTest::testPageCacheAnonymous403404
Comment #29
effulgentsia CreditAttribution: effulgentsia at Acquia commentedFYI: #2480077-17: Using the URL alias UI to change aliases doesn't do necessary invalidations: path aliases don't have cache tags.