node_query_node_access_alter() should only add cacheability on GET/HEAD

I totally agree that it doesn't make sense to add them here. If we don't render cache, we don't need them anyway here.

+++ b/core/modules/node/node.module
@@ -1081,8 +1081,9 @@ function node_query_node_access_alter(AlterableInterface $query) {
   // Bubble the 'user.node_grants:$op' cache context to the current render
   // context.

Let's also update the comment then. Can be done upon commit.

However … in \Drupal\Core\Render\RenderCache::get() + \Drupal\Core\Render\RenderCache::set():

    // Form submissions rely on the form being built during the POST request,
    // and render caching of forms prevents this from happening.
    // @todo remove the isMethodSafe() check when
    //       https://www.drupal.org/node/2367555 lands.
    if (!$this->requestStack->getCurrentRequest()->isMethodSafe() || !$cid = $this->createCacheID($elements)) {
      return FALSE;
    }

Doing this issue means that solving #2367555: Deprecate EnforcedResponseException support alone will not be enough to allow render cache to be used on POST requests. Which means we won't be able to use render cache for POST requests (i.e. when submitting a form) for things that are not affected until D9. That's probably a fine compromise, but I do want to call it out.

+1

RTBC++

If we do #2503429: Allow both AJAX and non-AJAX forms to POST to dedicated URLs then we won't render pages to find forms - this is the most expensive part of form submission. After the form submit we usually redirect, so there'll be no rendering of a page at all - POST -> submit -> RedirectResponse

What about form validation errors?

Committed cb80d54 and pushed to 8.1.x and 8.2.x. Thanks!