passenger 5.0.0.beta2 → 5.0.0.beta3

data/ext/nginx/ngx_http_passenger_module.c

@@ -1,7 +1,7 @@
 /*
  * Copyright (C) Igor Sysoev
  * Copyright (C) 2007 Manlio Perillo (manlio.perillo@gmail.com)
- * Copyright (C) 2010-2014 Phusion
+ * Copyright (C) 2010-2015 Phusion
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -289,6 +289,7 @@ start_watchdog(ngx_cycle_t *cycle) {
     pp_variant_map_set_ngx_str(params, "default_ruby", &passenger_main_conf.default_ruby);
     pp_variant_map_set_int    (params, "max_pool_size", passenger_main_conf.max_pool_size);
     pp_variant_map_set_int    (params, "pool_idle_time", passenger_main_conf.pool_idle_time);
+    pp_variant_map_set_int    (params, "response_buffer_high_watermark", passenger_main_conf.response_buffer_high_watermark);
     pp_variant_map_set_int    (params, "stat_throttle_rate", passenger_main_conf.stat_throttle_rate);
     pp_variant_map_set_ngx_str(params, "analytics_log_user", &passenger_main_conf.analytics_log_user);
     pp_variant_map_set_ngx_str(params, "analytics_log_group", &passenger_main_conf.analytics_log_group);

data/ext/ruby/extconf.rb

@@ -21,9 +21,9 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 require 'mkmf'
-$LIBS = ""
+
+$LIBS << " -lpthread" if $LIBS !~ /-lpthread/
 $CFLAGS << " -g"
-$LIBS << " -lpthread"
 
 if RUBY_PLATFORM =~ /solaris/
 	have_library('xnet')
@@ -39,8 +39,8 @@ have_header('ruby/version.h')
 have_header('ruby/io.h')
 have_header('ruby/thread.h')
 have_var('ruby_version')
-have_func('rb_thread_io_blocking_region')
-have_func('rb_thread_call_without_gvl')
+have_func('rb_thread_io_blocking_region', 'ruby/io.h')
+have_func('rb_thread_call_without_gvl', 'ruby/thread.h')
 
 with_cflags($CFLAGS) do
 	create_makefile('passenger_native_support')
@@ -64,3 +64,4 @@ with_cflags($CFLAGS) do
 		end
 	end
 end
+

data/lib/phusion_passenger.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2014 Phusion
+#  Copyright (c) 2010-2015 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -30,7 +30,7 @@ module PhusionPassenger
 
 	PACKAGE_NAME = 'passenger'
 	# Run 'rake ext/common/Constants.h' after changing this number.
-	VERSION_STRING = '5.0.0.beta2'
+	VERSION_STRING = '5.0.0.beta3'
 
 	PREFERRED_NGINX_VERSION = '1.6.2'
 	NGINX_SHA256_CHECKSUM = 'b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18'

data/lib/phusion_passenger/constants.rb

@@ -1,5 +1,5 @@
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2014 Phusion
+#  Copyright (c) 2010-2015 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -56,6 +56,7 @@ module PhusionPassenger
 		DEFAULT_CONCURRENCY_MODEL = "process"
 		DEFAULT_STICKY_SESSIONS_COOKIE_NAME = "_passenger_route"
 		DEFAULT_APP_THREAD_COUNT = 1
+		DEFAULT_RESPONSE_BUFFER_HIGH_WATERMARK = 1024 * 1024 * 128
 		DEFAULT_STAT_THROTTLE_RATE = 10
 		DEFAULT_ANALYTICS_LOG_USER = DEFAULT_WEB_APP_USER
 		DEFAULT_ANALYTICS_LOG_GROUP = ""

data/lib/phusion_passenger/nginx/config_options.rb

@@ -1,5 +1,5 @@
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2013-2014 Phusion
+#  Copyright (c) 2013-2015 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -297,6 +297,10 @@ LOCATION_CONFIGURATION_OPTIONS = [
 		:name   => 'passenger_sticky_sessions_cookie_name',
 		:type   => :string
 	},
+	{
+		:name   => 'passenger_vary_turbocache_by_cookie',
+		:type   => :string
+	},
 
 	###### Enterprise features ######
 	{

data/lib/phusion_passenger/rack/thread_handler_extension.rb

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2014 Phusion
+#  Copyright (c) 2010-2015 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -207,6 +207,8 @@ private
 				# We do not check for this key name in every loop
 				# iteration as an optimization.
 				next
+			else
+				values = values.to_s.split(NEWLINE)
 			end
 			values.each do |value|
 				result << key

data/lib/phusion_passenger/ruby_core_enhancements.rb

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2014 Phusion
+#  Copyright (c) 2010-2015 Phusion
 #
 #  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
 #
@@ -96,17 +96,16 @@ module Signal
 		ruby_engine = defined?(RUBY_ENGINE) ? RUBY_ENGINE : "ruby"
 		case ruby_engine
 		when "jruby"
-			result = Signal.list
+			result = Signal.list.dup
 			result.delete("QUIT")
 			result.delete("ILL")
 			result.delete("FPE")
-			result.delete("KILL")
 			result.delete("SEGV")
 			result.delete("USR1")
 			result.delete("IOT")
 			result.delete("EXIT")
 		else
-			result = Signal.list
+			result = Signal.list.dup
 			result.delete("ALRM")
 			result.delete("VTALRM")
 		end

data/lib/phusion_passenger/standalone/start_command.rb

@@ -241,11 +241,15 @@ private
 			opts.on("--sticky-sessions", "Enable sticky sessions") do
 				options[:sticky_sessions] = true
 			end
-			opts.on("--sticky-sessions-cookie-name", String,
+			opts.on("--sticky-sessions-cookie-name NAME", String,
 				"Cookie name to use for sticky sessions.#{nl}" +
 				"Default: #{DEFAULT_STICKY_SESSIONS_COOKIE_NAME}") do |value|
 				options[:sticky_sessions_cookie_name] = value
 			end
+			opts.on("--vary-turbocache-by-cookie NAME", String,
+				"Vary the turbocache by the cookie of the given name") do |value|
+				options[:vary_turbocache_by_cookie] = value
+			end
 			opts.on("--disable-turbocaching", "Disable turbocaching") do
 				options[:turbocaching] = false
 			end

data/lib/phusion_passenger/standalone/start_command/builtin_engine.rb

@@ -80,12 +80,18 @@ private
 			command << " --ctl #{Shellwords.escape ctl}"
 		end
 		if @options[:user]
-			command << " --default-user #{Shellwords.ecape @options[:user]}"
+			command << " --default-user #{Shellwords.escape @options[:user]}"
 		else
 			user  = Etc.getpwuid(Process.uid).name
-			group = Etc.getgrgid(Process.gid).name
+			begin
+				group = Etc.getgrgid(Process.gid)
+			rescue ArgumentError
+				# Do nothing. On Heroku, it's normal that the group
+				# database is broken.
+			else
+				command << " --default-group #{Shellwords.escape group.name}"
+			end
 			command << " --default-user #{Shellwords.escape user}"
-			command << " --default-group #{Shellwords.escape group}"
 		end
 
 		command << " --BS"
@@ -114,6 +120,7 @@ private
 		add_enterprise_flag_param(command, :rolling_restarts, "--rolling-restarts")
 		add_enterprise_flag_param(command, :resist_deployment_errors, "--resist-deployment-errors")
 		add_flag_param(command, :sticky_sessions, "--sticky-sessions")
+		add_param(command, :vary_turbocache_by_cookie, "--vary-turbocache-by-cookie")
 		add_param(command, :sticky_sessions_cookie_name, "--sticky-sessions-cookie-name")
 		add_param(command, :union_station_gateway_address, "--union-station-gateway-address")
 		add_param(command, :union_station_gateway_port, "--union-station-gateway-port")

data/resources/templates/standalone/config.erb

@@ -140,7 +140,8 @@ http {
         <% if app[:min_instances] %>passenger_min_instances <%= app[:min_instances] %>;<% end %>
         <% if app[:restart_dir] %>passenger_restart_dir '<%= app[:restart_dir] %>';<% end %>
         <% if @options[:sticky_sessions] %>passenger_sticky_sessions on;<% end %>
-        <% if @options[:sticky_sessions_cookie_name] %>passenger_sticky_sessions_cookie_name '<%= sticky_sessions_cookie_name %>';<% end %>
+        <% if @options[:sticky_sessions_cookie_name] %>passenger_sticky_sessions_cookie_name '<%= @options[:sticky_sessions_cookie_name] %>';<% end %>
+        <% if @options[:vary_turbocache_by_cookie] %>passenger_vary_turbocache_by_cookie '<%= @options[:vary_turbocache_by_cookie] %>';<% end %>
         <% if app[:union_station_key] %>
             union_station_support on;
             union_station_key <%= app[:union_station_key] %>;

data/test/cxx/DateParsingTest.cpp

@@ -0,0 +1,75 @@
+#include "TestSupport.h"
+#include <cstring>
+#include <Utils/DateParsing.h>
+
+using namespace Passenger;
+using namespace std;
+
+namespace tut {
+	struct DateParsingTest {
+		struct tm tm;
+		int zone;
+
+		DateParsingTest() {
+			memset(&tm, 0, sizeof(tm));
+			zone = 0;
+		}
+
+		void parse(const char *datestr) {
+			const char *end = datestr + strlen(datestr);
+			ensure("Parsing succeeds", parseImfFixdate(datestr, end, tm, zone));
+		}
+	};
+
+	DEFINE_TEST_GROUP(DateParsingTest);
+
+	/***** Valid dates *****/
+
+	TEST_METHOD(1) {
+		parse("Thu, 08 Jan 2015 16:20:46 GMT");
+		ensure_equals(tm.tm_year, 2015 - 1900);
+		ensure_equals(tm.tm_mon, 0);
+		ensure_equals(tm.tm_mday, 8);
+		ensure_equals(tm.tm_hour, 16);
+		ensure_equals(tm.tm_min, 20);
+		ensure_equals(tm.tm_sec, 46);
+		ensure_equals(zone, 0);
+		ensure_equals(parsedDateToTimestamp(tm, zone), 1420734046);
+	}
+
+	TEST_METHOD(2) {
+		parse("Thu, 01 Dec 1994 16:00:00 GMT");
+		ensure_equals(tm.tm_year, 1994 - 1900);
+		ensure_equals(tm.tm_mon, 11);
+		ensure_equals(tm.tm_mday, 1);
+		ensure_equals(tm.tm_hour, 16);
+		ensure_equals(tm.tm_min, 0);
+		ensure_equals(tm.tm_sec, 0);
+		ensure_equals(zone, 0);
+		ensure_equals(parsedDateToTimestamp(tm, zone), 786297600);
+	}
+
+	TEST_METHOD(3) {
+		parse("Sun, 06 Nov 1994 08:49:37 GMT");
+		ensure_equals(tm.tm_year, 1994 - 1900);
+		ensure_equals(tm.tm_mon, 10);
+		ensure_equals(tm.tm_mday, 6);
+		ensure_equals(tm.tm_hour, 8);
+		ensure_equals(tm.tm_min, 49);
+		ensure_equals(tm.tm_sec, 37);
+		ensure_equals(zone, 0);
+		ensure_equals(parsedDateToTimestamp(tm, zone), 784111777);
+	}
+
+	TEST_METHOD(4) {
+		parse("Thu, 08 Jan 2015 17:33:14 -0300");
+		ensure_equals(tm.tm_year, 2015 - 1900);
+		ensure_equals(tm.tm_mon, 0);
+		ensure_equals(tm.tm_mday, 8);
+		ensure_equals(tm.tm_hour, 17);
+		ensure_equals(tm.tm_min, 33);
+		ensure_equals(tm.tm_sec, 14);
+		ensure_equals(zone, -300);
+		ensure_equals(parsedDateToTimestamp(tm, zone), 1420749194);
+	}
+}

data/test/cxx/ResponseCacheTest.cpp

@@ -0,0 +1,322 @@
+#include "TestSupport.h"
+#include <ServerKit/HttpRequest.h>
+#include <MemoryKit/palloc.h>
+#include <agents/HelperAgent/RequestHandler/Request.h>
+#include <agents/HelperAgent/RequestHandler/AppResponse.h>
+#include <agents/HelperAgent/ResponseCache.h>
+
+using namespace Passenger;
+using namespace Passenger::ServerKit;
+using namespace std;
+
+namespace tut {
+	typedef ResponseCache<Request> ResponseCacheType;
+
+	struct ResponseCacheTest {
+		ResponseCacheType responseCache;
+		Request req;
+		StaticString defaultVaryTurbocacheByCookie;
+
+		ResponseCacheTest() {
+			req.httpMajor = 1;
+			req.httpMinor = 0;
+			req.httpState = Request::COMPLETE;
+			req.bodyType  = Request::RBT_NO_BODY;
+			req.method    = HTTP_GET;
+			req.wantKeepAlive = false;
+			req.responseBegun = false;
+			req.client    = NULL;
+			req.pool      = psg_create_pool(PSG_DEFAULT_POOL_SIZE);
+			req.hooks.impl     = NULL;
+			req.hooks.userData = NULL;
+			psg_lstr_init(&req.path);
+			psg_lstr_append(&req.path, req.pool, "/");
+			req.bodyAlreadyRead = 0;
+			req.queryStringIndex = -1;
+			req.bodyError = 0;
+
+			req.startedAt = 0;
+			req.state     = Request::ANALYZING_REQUEST;
+			req.dechunkResponse = false;
+			req.requestBodyBuffering = false;
+			req.https     = false;
+			req.stickySession = false;
+			req.halfCloseAppConnection = false;
+			req.sessionCheckoutTry = 0;
+			req.strip100ContinueHeader = false;
+			req.hasPragmaHeader = false;
+			req.host = createHostString();
+			req.bodyBytesBuffered = 0;
+			req.cacheControl = NULL;
+			req.varyCookie = NULL;
+
+			req.appResponse.httpMajor  = 1;
+			req.appResponse.httpMinor  = 1;
+			req.appResponse.httpState  = AppResponse::COMPLETE;
+			req.appResponse.wantKeepAlive = false;
+			req.appResponse.oneHundredContinueSent = false;
+			req.appResponse.bodyType   = AppResponse::RBT_NO_BODY;
+			req.appResponse.statusCode = 200;
+			req.appResponse.bodyAlreadyRead = 0;
+			req.appResponse.date       = NULL;
+			req.appResponse.setCookie  = NULL;
+			req.appResponse.cacheControl  = NULL;
+			req.appResponse.expiresHeader = NULL;
+			req.appResponse.lastModifiedHeader = NULL;
+			req.appResponse.headerCacheBuffers = NULL;
+			req.appResponse.nHeaderCacheBuffers = 0;
+			psg_lstr_init(&req.appResponse.bodyCacheBuffer);
+		}
+
+		~ResponseCacheTest() {
+			psg_destroy_pool(req.pool);
+		}
+
+		LString *createHostString() {
+			LString *str = (LString *) psg_palloc(req.pool, sizeof(LString));
+			psg_lstr_init(str);
+			psg_lstr_append(str, req.pool, "foo.com");
+			return str;
+		}
+
+		Header *createHeader(const HashedStaticString &key, const StaticString &val) {
+			Header *header = (Header *) psg_palloc(req.pool, sizeof(Header));
+			psg_lstr_init(&header->key);
+			psg_lstr_init(&header->val);
+			psg_lstr_append(&header->key, req.pool, key.data(), key.size());
+			psg_lstr_append(&header->val, req.pool, val.data(), val.size());
+			header->hash = key.hash();
+			return header;
+		}
+
+		void initCacheableResponse() {
+			req.appResponse.headers.insert(createHeader(
+				"cache-control", "public,max-age=99999"),
+				req.pool);
+		}
+
+		void initUncacheableResponse() {
+			req.appResponse.headers.insert(createHeader(
+				"cache-control", "private"),
+				req.pool);
+		}
+	};
+
+	DEFINE_TEST_GROUP(ResponseCacheTest);
+
+
+	/***** Preparation *****/
+
+	TEST_METHOD(1) {
+		set_test_name("It works on a GET request with no body");
+		ensure(responseCache.prepareRequest(this, &req));
+	}
+
+	TEST_METHOD(2) {
+		set_test_name("It fails on upgraded requests");
+		req.bodyType = Request::RBT_UPGRADE;
+		ensure(!responseCache.prepareRequest(this, &req));
+		ensure_equals(req.cacheKey.size(), 0u);
+	}
+
+	TEST_METHOD(3) {
+		set_test_name("It fails on requests without a host name");
+		req.host = NULL;
+		ensure(!responseCache.prepareRequest(this, &req));
+		ensure_equals(req.cacheKey.size(), 0u);
+	}
+
+	TEST_METHOD(4) {
+		set_test_name("It fails if the path is too long");
+		psg_lstr_append(&req.path, req.pool, "fooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo"
+			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo");
+		ensure(!responseCache.prepareRequest(this, &req));
+		ensure_equals(req.cacheKey.size(), 0u);
+	}
+
+	TEST_METHOD(7) {
+		set_test_name("It generates a cache key on success");
+		ensure(responseCache.prepareRequest(this, &req));
+		ensure(req.cacheKey.size() > 0);
+	}
+
+
+	/***** Checking whether request should be fetched from cache *****/
+
+	TEST_METHOD(15) {
+		set_test_name("It succeeds on GET requests");
+		ensure(responseCache.prepareRequest(this, &req));
+		ensure(responseCache.requestAllowsFetching(&req));
+	}
+
+	TEST_METHOD(16) {
+		set_test_name("It succeeds on HEAD requests");
+		req.method = HTTP_HEAD;
+		ensure(responseCache.prepareRequest(this, &req));
+		ensure(responseCache.requestAllowsFetching(&req));
+	}
+
+	TEST_METHOD(17) {
+		set_test_name("It fails on POST requests");
+		req.method = HTTP_POST;
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsFetching(&req));
+	}
+
+	TEST_METHOD(18) {
+		set_test_name("It fails on non-GET and non-HEAD requests");
+		req.method = HTTP_OPTIONS;
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsFetching(&req));
+	}
+
+	TEST_METHOD(19) {
+		set_test_name("It fails if the request has a Cache-Control header");
+		req.headers.insert(createHeader(
+			"cache-control", "xyz"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsFetching(&req));
+	}
+
+	TEST_METHOD(20) {
+		set_test_name("It fails if the request has a Pragma header");
+		req.headers.insert(createHeader(
+			"pragma", "xyz"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsFetching(&req));
+	}
+
+
+	/***** Checking whether request should be stored to cache *****/
+
+	TEST_METHOD(30) {
+		set_test_name("It fails on HEAD requests");
+		initCacheableResponse();
+		req.method = HTTP_HEAD;
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsStoring(&req));
+	}
+
+	TEST_METHOD(31) {
+		set_test_name("It fails on all non-GET requests");
+		initCacheableResponse();
+		req.method = HTTP_POST;
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsStoring(&req));
+	}
+
+	TEST_METHOD(32) {
+		set_test_name("It fails if the request's Cache-Control header contains no-store");
+		initCacheableResponse();
+		req.headers.insert(createHeader(
+			"cache-control", "no-store"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", !responseCache.requestAllowsStoring(&req));
+	}
+
+	TEST_METHOD(33) {
+		set_test_name("It fails if the request is not default cacheable");
+		req.appResponse.statusCode = 205;
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(34) {
+		set_test_name("It fails if the request is default cacheable, but the response has "
+			"no Cache-Control and no Expires header that allow caching");
+		ensure_equals(req.appResponse.statusCode, 200);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(35) {
+		set_test_name("It succeeds if the response contains a Cache-Control header with public directive");
+		req.appResponse.headers.insert(createHeader(
+			"cache-control", "public"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(36) {
+		set_test_name("It succeeds if the response contains a Cache-Control header with max-age directive");
+		req.appResponse.headers.insert(createHeader(
+			"cache-control", "max-age=999"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(37) {
+		set_test_name("It succeeds if the response contains an Expires header");
+		req.appResponse.headers.insert(createHeader(
+			"expires", "Tue, 01 Jan 2030 00:00:00 GMT"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(38) {
+		set_test_name("It fails if the response's Cache-Control header contains no-store");
+		req.appResponse.headers.insert(createHeader(
+			"cache-control", "no-store"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(45) {
+		set_test_name("It fails if the response's Cache-Control header contains private");
+		req.appResponse.headers.insert(createHeader(
+			"cache-control", "private"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(46) {
+		set_test_name("It fails if the request has a Authorization header");
+		req.headers.insert(createHeader(
+			"authorization", "foo"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(47) {
+		set_test_name("It fails if the response has a Vary header");
+		req.appResponse.headers.insert(createHeader(
+			"vary", "foo"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+
+	TEST_METHOD(48) {
+		set_test_name("It fails if the response has a WWW-Authenticate header");
+		req.appResponse.headers.insert(createHeader(
+			"www-authenticate", "foo"),
+			req.pool);
+		ensure("(1)", responseCache.prepareRequest(this, &req));
+		ensure("(2)", responseCache.requestAllowsStoring(&req));
+		ensure("(3)", !responseCache.prepareRequestForStoring(&req));
+	}
+}