Reputation: 49
Why is it considered dangerous to overwrite cache control headers?
I am using Retrofit/OkHTTP to consume a REST API which doesn't provide proper cache headers. In order to work around this, I've written a cache interceptor which will add cache control headers to the response.
I have seen in multiple places this is considered dangerous, for example the okhttp recipe for this has the following comment:
/** Dangerous interceptor that rewrites the server's cache-control header. */
(source)
Why exactly is this considered to be dangerous? I'd like to understand the risks of doing this.
Upvotes: 0
Views: 87
Answers (1)
Reputation: 40593
You're making decisions on the client that should instead be made on the server. The risk is that the client ends up caching something it shouldn't, which will result in stale data being returned.
Upvotes: 1
Related Questions
- Why is Cache-Control attribute sent in request header (client to server)?
- Cache-control Immutable Header
- What is the risk of having HTTP header "Cache-Control: public"?
- Why isn't the browser respecting the Cache-Control header?
- What does Cache-Control mean when a client uses it?
- max-age, no-Cache,must-revalidate on Cache-Control Header, Which takes predence here?
- HTTP Headers: Is Cache-Control enough, or do I still need Expires?
- Impact of Cache-control header as request header
- What are the consequences of not setting "cache-control" in http response header?
- why and where we have to write header cache control?