Issue #2381839 by klausi, Damien Tournoud: Changed date format for Last-Modified header breaks caching for certain Varnish/Nginx configurations.

CHANGELOG.txt

@@ -1,6 +1,8 @@
 
 Drupal 7.36, xxxx-xx-xx (development version)
 -----------------------
+- Stopped sending ETag and Last-Modified headers for uncached page requests,
+  since they break caching for certain Varnish and Nginx configurations.
 - Changed the Simpletest module to allow PSR-4 test classes to be used in
   Drupal 7.
 - Fixed a fatal error that occurred when using the Comment module's "Unpublish

includes/bootstrap.inc

@@ -1246,23 +1246,10 @@ function drupal_send_headers($default_headers = array(), $only_default = FALSE)
  * fresh page on every request. This prevents authenticated users from seeing
  * locally cached pages.
  *
- * Also give each page a unique ETag. This will force clients to include both
+ * ETag and Last-Modified headers are not set per default for authenticated
- * an If-Modified-Since header and an If-None-Match header when doing
+ * users so that browsers do not send If-Modified-Since headers from
- * conditional requests for the page (required by RFC 2616, section 13.3.4),
+ * authenticated user pages. drupal_serve_page_from_cache() will set appropriate
- * making the validation more robust. This is a workaround for a bug in Mozilla
+ * ETag and Last-Modified headers for cached pages.
- * Firefox that is triggered when Drupal's caching is enabled and the user
- * accesses Drupal via an HTTP proxy (see
- * https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated
- * user requests a page, and then logs out and requests the same page again,
- * Firefox may send a conditional request based on the page that was cached
- * locally when the user was logged in. If this page did not have an ETag
- * header, the request only contains an If-Modified-Since header. The date will
- * be recent, because with authenticated users the Last-Modified header always
- * refers to the time of the request. If the user accesses Drupal via a proxy
- * server, and the proxy already has a cached copy of the anonymous page with an
- * older Last-Modified date, the proxy may respond with 304 Not Modified, making
- * the client think that the anonymous and authenticated pageviews are
- * identical.
  *
  * @see drupal_page_set_cache()
  */
@@ -1275,9 +1262,7 @@ function drupal_page_header() {
 
   $default_headers = array(
     'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
-    'Last-Modified' => gmdate(DATE_RFC7231, REQUEST_TIME),
     'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
-    'ETag' => '"' . REQUEST_TIME . '"',
   );
   drupal_send_headers($default_headers);
 }

modules/simpletest/tests/bootstrap.test

@@ -153,6 +153,8 @@ class BootstrapPageCacheTestCase extends DrupalWebTestCase {
     $this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
     $this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.');
     $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absense of Page was not cached.');
+    $this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.');
+    $this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.');
   }
 
   /**