What are the drawbacks of using cache-control: no-store?

老子叫甜甜 提交于 2021-01-28 06:32:40

问题


We want to "prevent the inadvertent release or retention of sensitive information (for example, on backup tapes :) )" and plan to use the HTTP header Cache-control: no-store. What are the down-sides of doing so? From the spec, it appears caching will continue to operate - it just cannot use non-volatile storage. In order to choose which responses to specify no-store on, we have some measure of "sensitivity." What is the counterbalancing measure we we should use - in other words, why not mark all pages no-store?


回答1:


By using the store, the client has a local cache that they can use. This cache gives them a performance boost and decreases the load on your own server.

In your case, I think it makes sense to have sensitive pages sent with no caching.

I believe another technical problem with no-store (and this is more of a weird side effect) is that older versions of IE have problems with the Content-Disposition header with caching turned off. The behavior is such that the download prompt will indefinitely have 0% progress.

One misconception about no-caching policies is that the browser will actually honor it and not save it to disk. This is not true - many modern browsers actually cache all responses to disk (See this SO). However, this cache is encrypted in those cases.

Overall, I think its safe to do so. Make sure you're not relying on this mechanism as @Robert Harvy says, once you send it over, you're at the mercy of the browser of how it wants to save it.



来源:https://stackoverflow.com/questions/16532654/what-are-the-drawbacks-of-using-cache-control-no-store

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!