Use no-store for web UI to prevent intermediate caching #4966
This PR replaces the default `Cache-Control` for the Web UI to be `no-store` instead of `no-cache`. See here.

Why?

This seems like a saner default to use - tell servers that we don't want the page cached anywhere. Using `no-cache` says that the page can still be cached by intermediates as long as the page is revalidated. We ran into this issue with the Web UI behind Fastly - since the Web UI doesn't support Etags/If-Modified-Since, it seems like cache validation is just being performed by looking at the content length. This means that we were getting cached responses (such as stat data) that were clearly stale but matched the content length of the previous request.

Similarly, it's not uncommon to put the Web UI behind some authentication system (such as `sidekiq-ent` provides). It looks like `sidekiq-ent` doesn't modify the cache headers at all, but when authentication is done we should have `private` (or just `no-store`) to prevent authenticated pages from being cached and returned to another user.

Alternatively we can use `no-cache, private`, although I'm not sure it would give much benefit over just not storing anywhere.
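
The three header choices discussed in the description above, classified by how a shared cache may treat them. This is an added example, not code from the PR or from Sidekiq; the function names, finding symbols and sample headers are hypothetical, and the rules are a simplified reading of RFC 9111.

```ruby
# Added example: how a shared cache (CDN, reverse proxy) may treat a response,
# following the Cache-Control storage rules of RFC 9111 in simplified form.

# "no-cache, max-age=0" -> {"no-cache"=>true, "max-age"=>"0"}
def parse_cache_control(value)
  value.to_s.scan(/([\w-]+)(?:=("[^"]*"|[^,\s]*))?/).to_h do |name, arg|
    [name.downcase, arg ? arg.delete('"') : true]
  end
end

# :never_stored      no-store: no cache may keep a copy
# :browser_only      unqualified private: shared caches must not store it
# :shared_revalidate unqualified no-cache: may be stored, must be revalidated before reuse
# :shared_reusable   no directive checked here stops a shared cache from storing it
def shared_cache_policy(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }
  cc = parse_cache_control(h["cache-control"])
  return :never_stored if cc.key?("no-store")
  return :browser_only if cc["private"] == true
  return :shared_revalidate if cc["no-cache"] == true
  :shared_reusable
end

# Findings for a dynamic or authenticated page such as the Web UI.
def audit_dynamic_page(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }
  policy = shared_cache_policy(h)
  findings = []
  findings << :storable_by_shared_cache if %i[shared_revalidate shared_reusable].include?(policy)
  # Without ETag or Last-Modified a conditional request has no validator to send.
  if policy == :shared_revalidate && !h.key?("etag") && !h.key?("last-modified")
    findings << :revalidation_without_validator
  end
  findings
end

# Constructed sample responses (not captured traffic).
SAMPLES = {
  "old default" => { "Cache-Control" => "no-cache" },
  "this PR" => { "Cache-Control" => "no-store" },
  "alternative" => { "Cache-Control" => "no-cache, private" }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, hdrs| puts "#{label}: #{shared_cache_policy(hdrs)} #{audit_dynamic_page(hdrs)}" }
end
```
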