From dcc3c16b5461b45c1c4e26a3f8342560260af204 Mon Sep 17 00:00:00 2001 From: Donald Stufft Date: Mon, 17 Sep 2018 19:57:56 -0400 Subject: [PATCH] Only revalidate /simple/ pages instead of caching for 10 minutes --- news/5670.bugfix | 2 ++ src/pip/_internal/index.py | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 news/5670.bugfix diff --git a/news/5670.bugfix b/news/5670.bugfix new file mode 100644 index 00000000000..9ffac6638cb --- /dev/null +++ b/news/5670.bugfix @@ -0,0 +1,2 @@ +Always revalidate cached simple API pages instead of blindly caching them for up to 10 +minutes. diff --git a/src/pip/_internal/index.py b/src/pip/_internal/index.py index ea8363e7807..fd660973402 100644 --- a/src/pip/_internal/index.py +++ b/src/pip/_internal/index.py @@ -783,7 +783,20 @@ def get_page(cls, link, skip_archives=True, session=None): url, headers={ "Accept": "text/html", - "Cache-Control": "max-age=600", + # We don't want to blindly returned cached data for + # /simple/, because authors generally expecting that + # twine upload && pip install will function, but if + # they've done a pip install in the last ~10 minutes + # it won't. Thus by setting this to zero we will not + # blindly use any cached data, however the benefit of + # using max-age=0 instead of no-cache, is that we will + # still support conditional requests, so we will still + # minimize traffic sent in cases where the page hasn't + # changed at all, we will just always incur the round + # trip for the conditional GET now instead of only + # once per 10 minutes. + # For more information, please see pypa/pip#5670. + "Cache-Control": "max-age=0", }, ) resp.raise_for_status()