Reputation: 337
Cache-Control HTTP Headers precedence
I've read this excellent article about Cache-Control HTTP Headers: https://www.mnot.net/cache_docs/#CACHE-CONTROL
I was wondering what would happen with the following header:
Cache-Control: no-store, public
Would the public header take precedence over the no-store header, or vice versa?
Would the header that takes precedence vary from one browser to another?
I understand that to have both no-store and public Cache-Control headers may not be advisable, but for arguments sake what would happen if they were both present.
Thanks in advance for any guidance.
Upvotes: 1
Views: 2406
Answers (3)
Reputation: 1086
I've shortened down the section of the HTTP Caching specification that relates to your use case (See https://www.rfc-editor.org/rfc/rfc7234#section-3):
A cache MUST NOT store a response to any request, unless:
the "no-store" cache directive (see Section 5.2) does not appear in request or response header fields, and
the response either:
contains a Cache Control Extension (see Section 5.2.3) that allows it to be cached, or contains a public response directive (see Section 5.2.2.5).
contains a public response directive (see Section 5.2.2.5).
In short, no-store takes precedence over public.
Upvotes: 0
Reputation: 944293
Via the RFC 7234. Given:
Cache-Control: no-store, public
no-store is the Response Cache-Control Directive (RFC 7234, Section 5.2.2). It states that the response should not be stored.
public is an extension.
The Cache-Control header field can be extended through the use of one or more cache-extension tokens, each with an optional value. A cache MUST ignore unrecognized cache directives.
Since public isn't a known extension to no-store, it is ignored.
Upvotes: 0
Reputation: 319
Find some of the main code regarding this question from Google Chrome Browser below.
isPubliclyCacheable: function(resource)
{
if (this._isExplicitlyNonCacheable(resource))
return false;
if (this.responseHeaderMatch(resource, "Cache-Control", "public"))
return true;
return resource.url.indexOf("?") == -1 && !this.responseHeaderMatch(resource, "Cache-Control", "private");
}
_isExplicitlyNonCacheable: function(resource)
{
var hasExplicitExp = this.hasExplicitExpiration(resource);
return this.responseHeaderMatch(resource, "Cache-Control", "(no-cache|no-store|must-revalidate)") ||
this.responseHeaderMatch(resource, "Pragma", "no-cache") ||
(hasExplicitExp && !this.freshnessLifetimeGreaterThan(resource, 0)) ||
(!hasExplicitExp && resource.url && resource.url.indexOf("?") >= 0) ||
(!hasExplicitExp && !this.isCacheableResource(resource));
}
According to the code some of the directives have more priority than the other and "no-store" is among them so in your case (Cache-Control: "public, no-store" or "no-store, public") no-store will get higher priority.
Upvotes: 2
Related Questions
- Common HTTP header to disable cache in server-sided web application
- How to set HTTP headers (for cache-control)?
- If a Cache-Control directive is present on request and response header, which takes precedence?
- Cache-control Immutable Header
- HTTP Cache Control max-age, must-revalidate
- Cache-Control Header and Conditional Requests
- Cache-control in response headers
- Cache-Control Headers
- HTTP Headers - Cache Question
- HTTP Cache- Control