Set Cache-Control for non-cacheable resources

[jamesarosen]

Background

apollo-server@2.10.0

When cacheControl.defaultMaxAge == 0 and a resource does not include the @cacheControl directive, apollo-server returns no Cache-Control header.

RFC7231, §6.1 says,

Responses with status codes that are defined as cacheable by default (e.g., 200, 203, 204, 206, 300, 301, 404, 405, 410, 414, and 501 in this specification) can be reused by a cache with heuristic expiration unless otherwise indicated by the method definition or explicit cache controls [RFC7234]; all other status codes are not cacheable by default.

Some proxies (including CDNs) choose not to cache responses with no cache-control header. Others do.

Expected Outcome

apollo-server returns a Cache-Control header for all responses. One possible default would be max-age=0, no-store.

See Also

• Full query response cache plugin #2437
• Add no-cache headers to PersistedQuery error responses #2452
• Improve defaultMaxAge setting #4162
• Apollo caching docs
• RFC7231
• RFC7234

[timsuchanek]

In case you don't want to wait for a fix here, shameless plug:
I created a dedicated GraphQL CDN where this is fixed - https://graphcdn.io
We send private, no-store in these cases to make it explicit.

[glasser]

We made this change in Apollo Server 4.