Zoe Edwards

Reputation: 13707

How to force a browser to get new headers without declaring expires?

We have an established site that is now being affected by CSP rules. I’ve added all the scripts we need to the Content-Security-Policy header.

When visiting the site using private browsing or a device that hasn’t been to the site before, I get the new CSP header and everything works.

However, users that have been to the site before get the old headers, and they get a CSP warning.

NB I cannot use expire 0 or similar as the browsers are not looking for the new headers, so never know that the headers have expired.

I’m looking for a way to tell the browser “hey, you should check out my cool new headers because they’re new”.

Upvotes: 5

Views: 2320

Answers (1)

Zoe Edwards

Reputation: 13707

Turns out I was being foiled by Local Storage that was overwriting the CSP header. Even clearing the cache doesn’t solve the problem as Local Storage remains.

Hope this helps somebody else!

Upvotes: 1
