http-caching

I am trying to write an nginx config that will handle two sites on both http and https, it seems to work as long as a client never visits both sites, but if they do there are caching/cross-site issues. # Allow cross origin location ~* \.(eot|svg|ttf|woff|woff2|json)$ { if ($http_origin ~* (https?://(admin\.)?example\.com(:[0-9]+)?)) { add_header 'Access-Control-Allow-Origin' "$http_origin"; } } So if I load example.com, everything works, but then when I load admin.example.com I get issues like this (index):1 XMLHttpRequest cannot load http://origin.example.com/js/data-lib/currency.json . The

I am making a transition from SOAP to REST, and I would like to convince my colleagues that this is a good move. We don't need the extra security mechanisms that SOAP can provide. For us the overhead of SOAP and WSDL has only proven to be a headache over the years. Apart from the obvious simplifications, one really valuable advantage for our system would be the HTTP caching mechanisms. I have read things on the subject, but I still don't fully understand why these caching mechanisms can't be applied to SOAP messages. Is it simply because REST by convention encodes all the parameters in the url

As far as I know, the HTTP Header Vary specifies a comma separated list of HTTP headers that need to be considered by caches together with the URL when deciding if a request is a cache hit or miss. If that header is omitted, means that only the URL will be considered. But what happen when the header is Vary:* ? RFC 2616 14.4 A Vary field value of *** signals that unspecified parameters not limited to the request-headers (e.g., the network address of the client), play a role in the selection of the response representation. The * value MUST NOT be generated by a proxy server; it may only be

I'm wondering if there is a way how to detect when a response is returned from a local cache? Is it possible? The solution should be general and work for unconditional requests. In this case, the response code is always 200 OK, but XHR returns a cached resource for the second request (e.g. the first response contains Expires header, so there is no need to ask a server for a new resource before the expiration date). The answer is Date header If date header is before send date then a response is coming from a cache. If date header is after date when a request was sent then a response is fresh. e

What's the difference between the following three .htaccess rules and when to use each, is there any special use cases that prefers one over the other?: Header set Cache-Control "max-age=290304000" Header set Expires "Thu, 15 Apr 2020 20:00:00 GMT" ExpiresDefault "access plus 10 years" Gumbo Header is a directive of mod_headers that allows to modify HTTP header fields. In this case Header set effectively sets the mentioned header fields Cache-Control and Expires , so an already existing header field will be overwritten. The first directive sets the header field Cache-Control with the value max

If a HTTP response that returns both Expires and max-age indications which one is used? Cache-Control: max-age=3600 Expires: Tue, 15 May 2008 07:19:00 GMT Considering that each one refers to a different point in time. Peter O. See this answer: Difference between three .htaccess expire rules If a response includes both an Expires header and a max-age directive, the max-age directive overrides the Expires header , even if the Expires header is more restrictive. This rule allows an origin server to provide, for a given response, a longer expiration time to an HTTP/1.1 (or later) cache than to an