1 bootstrap.inc backdrop_page_header()

Sets HTTP headers in preparation for a page response.

Authenticated users are always given a 'no-cache' header, and will fetch a fresh page on every request. This prevents authenticated users from seeing locally cached pages.

Also give each page a unique ETag. This will force clients to include both an If-Modified-Since header and an If-None-Match header when doing conditional requests for the page (required by RFC 2616, section 13.3.4), making the validation more robust. This is a workaround for a bug in Mozilla Firefox that is triggered when Backdrop's caching is enabled and the user accesses Backdrop via an HTTP proxy (see https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated user requests a page, and then logs out and requests the same page again, Firefox may send a conditional request based on the page that was cached locally when the user was logged in. If this page did not have an ETag header, the request only contains an If-Modified-Since header. The date will be recent, because with authenticated users the Last-Modified header always refers to the time of the request. If the user accesses Backdrop via a proxy server, and the proxy already has a cached copy of the anonymous page with an older Last-Modified date, the proxy may respond with 304 Not Modified, making the client think that the anonymous and authenticated page views are identical.

Return value

bool: TRUE if the headers were sent. FALSE if the headers have already been sent and may not be sent again.

See also

backdrop_page_create_cache()

backdrop_page_save_cache()

File

core/includes/bootstrap.inc, line 1687
Functions that need to be loaded on every Backdrop request.

Code

function backdrop_page_header() {
  $headers_sent = &backdrop_static(__FUNCTION__, FALSE);
  if ($headers_sent) {
    return FALSE;
  }
  $headers_sent = TRUE;

  $default_headers = array(
    'Expires' => 'Fri, 16 Jan 2015 07:50:00 GMT',
    'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
    'Cache-Control' => 'no-cache, must-revalidate',
    'X-Content-Type-Options' => 'nosniff',
    'ETag' => '"' . REQUEST_TIME . '"',
  );
  backdrop_send_headers($default_headers);
  return TRUE;
}