From 9901c2c631cb47f509e79868bb70e47f3ac87b16 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 09:17:37 +0000 Subject: [PATCH 1/2] Bump js-yaml from 4.1.0 to 4.1.1 (#163) Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0d819464..2ac5abf4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -293,6 +293,7 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.17.tgz", "integrity": "sha512-wIX2aSZL5FE+MR0JlvF87BNVrtFWf6AE6rxSE9X7OwnVvoyCQjpzSRJ+M87se/4QCkCiebQAqrJ0y6fwIyi7nw==", "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~6.21.0" } @@ -582,6 +583,7 @@ "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==", "license": "MIT", + "peer": true, "dependencies": { "env-paths": "^2.2.1", "import-fresh": "^3.3.0", 
@@ -1012,9 +1014,9 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "license": "MIT", "dependencies": { "argparse": "^2.0.1" From 46c080afa87ab0f9ff948f93020c822bc319fc79 Mon Sep 17 00:00:00 2001 From: chermant Date: Thu, 19 Mar 2026 10:01:26 +0100 Subject: [PATCH 2/2] Fix duplicate Cache-Control must-revalidate header in WordPressHeaders middleware MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit WordPress calls PHP's native header() via nocache_headers(), which stores `no-cache, no-store, must-revalidate, max-age=0` in the PHP native header queue — not in Symfony's header bag. When shouldSetPublicCache() was true (unauthenticated users), the middleware called addCacheControlDirective('must-revalidate') on top of the WordPress headers already queued natively. Since Symfony sends its headers with replace=false (except Content-Type), both Cache-Control values coexisted and were concatenated by the browser, resulting in: Cache-Control: no-cache, must-revalidate, max-age=0, public, max-age=3600, must-revalidate Fix: before rebuilding the public cache directives, flush Cache-Control at both levels: - header_remove('Cache-Control') clears the PHP native queue (WordPress headers) - $response->headers->remove('Cache-Control') clears the Symfony bag The resulting header for unauthenticated users is now clean: Cache-Control: public, must-revalidate, max-age=3600 --- src/Route/Infrastructure/Middleware/WordPressHeaders.php | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/src/Route/Infrastructure/Middleware/WordPressHeaders.php b/src/Route/Infrastructure/Middleware/WordPressHeaders.php
index 602a9b1e..ba8d8493 100644
--- a/src/Route/Infrastructure/Middleware/WordPressHeaders.php
+++ b/src/Route/Infrastructure/Middleware/WordPressHeaders.php
@@ -53,6 +53,8 @@ public function handle(Request $request, Closure $next): SymfonyResponse
 }
 if ($this->shouldSetPublicCache()) {
+ header_remove('Cache-Control');
+ $response->headers->remove('Cache-Control');
 $response->setPublic();
 $response->headers->addCacheControlDirective('must-revalidate', true);
 $response->headers->addCacheControlDirective('max-age', '3600');
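Review bot: The two added `remove` calls in `handle()` discard every Cache-Control value already queued, including a `no-store` or `no-cache` that WordPress or a plugin set on purpose through `nocache_headers()`, and the branch then marks the response `public` with `max-age=3600`. Per the commit description the restrictive directives previously still reached caches alongside the public ones; after this change none of them survive. If `shouldSetPublicCache()` only tests for an unauthenticated visitor (its body is outside the hunk), per-visitor pages served to anonymous users, such as password-protected posts or responses carrying `Set-Cookie`, could be stored by a CDN or proxy. Consider skipping the branch when `headers_list()` already holds a `Cache-Control` line containing `no-store` or `private`, and add a comment above `header_remove('Cache-Control');` stating why dropping WordPress's value is safe here. `handle()` starts and ends outside the hunk.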