http-caching

问题 I have a doubt about max-age behaviour after reading the Http Cache rfc. Scenario: User agent GET /foo Origin Server Response header cache-control: max-age=120 Server tells user agent that the resource requested should be revalidated after 2 minutes. After 1 minute and few seconds, User agent makes another request, specifying a max-age of 1 minute: User agent cache-control: max-age=60 GET /foo From what I understand, this request should bypass the user agent cache. Why? Although the Origin

问题 Say you're HTTP caching a login protected page (not critical banking info). Now because you're using HTTP caching, logging out (destroying the session) will not have an effect on that cached page. Currently, the only way I can think of is to explicitly set a sensible max-age cache value so it at least expires at some point. E.g., members_area.php \header('Cache-Control: max-age=60'); Other than this, are there better ways to invalidate memebrs_area.php in the user's browser when they click

问题 I'm using varnish in front of a tile server to cache mapbox tiles. To remove old tiles, I intended to use bans to effectively remove a large number of cached tiles. My problem is that varnish still uses the cached objects (at least the age in the response indicates this) and doesn't contact the backend. I'm first requesting http://varnish/5/3/4.pbf, then adding a ban with curl -X BAN -H 'X-Purge-Regex: 5/3/4.pbf' varnish or alternatively varnishadm and then ban obj.http.url ~ 5/3/4.pbf and

问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

问题 I've read about single cache-control header value. To test what I learned, I opened facebook and inspect. This is the Cache-Control response header I get: cache-control:private, no-cache, no-store, must-revalidate I am confused what this header actually tells, because it contains 4 values at once. So what happens with the resource send through the network, if it contains such header? EDIT: no-store says, "do not store at all, not in private not public caches", and no-cache says "yeees you can

问题 We want to "prevent the inadvertent release or retention of sensitive information (for example, on backup tapes :) )" and plan to use the HTTP header Cache-control: no-store. What are the down-sides of doing so? From the spec, it appears caching will continue to operate - it just cannot use non-volatile storage. In order to choose which responses to specify no-store on, we have some measure of "sensitivity." What is the counterbalancing measure we we should use - in other words, why not mark

问题 I have a simple ASP.NET Core 2.2 Web Api controller: [ApiVersion("1.0")] [Route("api/[controller]")] [ApiController] public class TestScenariosController : Controller { [HttpGet("v2")] public ActionResult<List<TestScenarioItem>> GetAll() { var entities = _dbContext.TestScenarios.AsNoTracking().Select(e => new TestScenarioItem { Id = e.Id, Name = e.Name, Description = e.Description, }).ToList(); return entities; } } When I query this action from angular app using @angular/common/http : this

问题 I build a service worker which always responds with data from the cache and then, in the background, sends a request to the server. If the server responds with HTTP 304 - not modified everything is fine, if the server responds with HTTP 200 , that means the data was changed and the new file is put into the cache, also the user is notified and asked for a page refresh. I use the not-modified-since / last-modified headers to make sure the client gets the most up-to-date version. When a request

问题 In AppDelegate.m, I configured: NSURLCache *sharedURLCache = [[NSURLCache alloc] initWithMemoryCapacity:20 * 1024 * 1024 diskCapacity:100 * 1024 * 1024 diskPath:@"FhtHttpCacheDir"]; Then the http request: - (void) testRestfulAPI{ NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration]; NSURLSession *session = [NSURLSession sessionWithConfiguration:config]; NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:@"http:/