id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 118,"Lack of ""Vary"" handling in proxy can lead to corrupted downloads",Oz Solomon,somebody,"Documentation clearly states that the proxy module doesn't handle the Vary response header. However, ""not handling"" can mean a few things, and currently it means things are broken. Example: nginx as reverse proxy to Apache, and Apache is using mod_deflate to compress the content. User 1 makes a request for content using a modern browser, which nginx passes on to Apache, and Apache happily returns using a compressed response (Content-Encoding: gzip, Vary: Accept-Encoding). User 2 makes a request for the same content, but using a brain dead browser (in this case IE, which for 0.5% of users does not accept gzip encoding as we've recently measured). Despite the fact that the browser isn't sending ""Accept-Encoding: gzip"" to the server, the content is served from nginx's cache in compressed format and the browser receives a response it can't handle. Expected: nginx should never cache responses that contain the Vary header. Better Yet, Expected: nginx should properly handle the Vary header and only serve cached versions if the headers match. Actual: Whatever is cached after the first request is served. Note: For a long form background on this issue, please see: http://www.notthewizard.com/2012/02/27/nginx-reverse-proxy-can-cause-ie-to-fail/ ",defect,closed,minor,,nginx-core,1.0.x,fixed,"Vary, proxy",,Linux 2.6.18-274.17.1.el5 #1 SMP Tue Jan 10 17:25:58 EST 2012 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.0.12 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51) TLS SNI support disabled configure arguments: --user=nginx --group=nginx --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-file-aio --with-mail_ssl_module --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E "