http-caching

Can a user agent set a max-age greater than zero in its request?

半腔热情 提交于 2021-02-18 23:00:17
问题 I have a doubt about max-age behaviour after reading the Http Cache rfc. Scenario: User agent GET /foo Origin Server Response header cache-control: max-age=120 Server tells user agent that the resource requested should be revalidated after 2 minutes. After 1 minute and few seconds, User agent makes another request, specifying a max-age of 1 minute: User agent cache-control: max-age=60 GET /foo From what I understand, this request should bypass the user agent cache. Why? Although the Origin

Invalidate cache of a “login protected” area upon logout

萝らか妹 提交于 2021-02-11 13:47:48
问题 Say you're HTTP caching a login protected page (not critical banking info). Now because you're using HTTP caching, logging out (destroying the session) will not have an effect on that cached page. Currently, the only way I can think of is to explicitly set a sensible max-age cache value so it at least expires at some point. E.g., members_area.php \header('Cache-Control: max-age=60'); Other than this, are there better ways to invalidate memebrs_area.php in the user's browser when they click

Varnish ban is added but old object is returned

可紊 提交于 2021-02-08 06:32:49
问题 I'm using varnish in front of a tile server to cache mapbox tiles. To remove old tiles, I intended to use bans to effectively remove a large number of cached tiles. My problem is that varnish still uses the cached objects (at least the age in the response indicates this) and doesn't contact the backend. I'm first requesting http://varnish/5/3/4.pbf, then adding a ban with curl -X BAN -H 'X-Purge-Regex: 5/3/4.pbf' varnish or alternatively varnishadm and then ban obj.http.url ~ 5/3/4.pbf and

meaning of multiple values in cache-control header

血红的双手。 提交于 2021-02-07 20:14:32
问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

meaning of multiple values in cache-control header

蓝咒 提交于 2021-02-07 20:12:19
问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

meaning of multiple values in cache-control header

半世苍凉 提交于 2021-02-07 20:09:32
问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

What are the drawbacks of using cache-control: no-store?

老子叫甜甜 提交于 2021-01-28 06:32:40
问题 We want to "prevent the inadvertent release or retention of sensitive information (for example, on backup tapes :) )" and plan to use the HTTP header Cache-control: no-store. What are the down-sides of doing so? From the spec, it appears caching will continue to operate - it just cannot use non-volatile storage. In order to choose which responses to specify no-store on, we have some measure of "sensitivity." What is the counterbalancing measure we we should use - in other words, why not mark

How to disable caching for all WebApi responses in order to avoid IE using (from cache) responses

雨燕双飞 提交于 2020-12-29 12:21:04
问题 I have a simple ASP.NET Core 2.2 Web Api controller: [ApiVersion("1.0")] [Route("api/[controller]")] [ApiController] public class TestScenariosController : Controller { [HttpGet("v2")] public ActionResult<List<TestScenarioItem>> GetAll() { var entities = _dbContext.TestScenarios.AsNoTracking().Select(e => new TestScenarioItem { Id = e.Id, Name = e.Name, Description = e.Description, }).ToList(); return entities; } } When I query this action from angular app using @angular/common/http : this

Recognize HTTP 304 in service worker / fetch()

一个人想着一个人 提交于 2020-12-25 09:55:13
问题 I build a service worker which always responds with data from the cache and then, in the background, sends a request to the server. If the server responds with HTTP 304 - not modified everything is fine, if the server responds with HTTP 200 , that means the data was changed and the new file is put into the cache, also the user is notified and asked for a page refresh. I use the not-modified-since / last-modified headers to make sure the client gets the most up-to-date version. When a request

NSURLCache, together with NSURLSession, does not respect: Cache-Control: max-age:86000, private, must-revalidate

蓝咒 提交于 2020-01-24 10:17:05
问题 In AppDelegate.m, I configured: NSURLCache *sharedURLCache = [[NSURLCache alloc] initWithMemoryCapacity:20 * 1024 * 1024 diskCapacity:100 * 1024 * 1024 diskPath:@"FhtHttpCacheDir"]; Then the http request: - (void) testRestfulAPI{ NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration]; NSURLSession *session = [NSURLSession sessionWithConfiguration:config]; NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:@"http:/