configurable authorization header checking in ResponseCachingPolicyProvider #15359

namnik · 2019-10-24T06:58:41Z

I need to use response caching despite exist authorization key in request header!
I know security issues about authorization header when using response caching.
but can configurable and optional to use this validation in the response caching Middleware?

I notice that both class and interface for this validation: ResponseCachingPolicyProvider and IResponseCachingPolicyProvider is Internal.


        if (!StringValues.IsNullOrEmpty(request.Headers[HeaderNames.Authorization]))
        {
            context.Logger.RequestWithAuthorizationNotCacheable();
            return false;
        }

The text was updated successfully, but these errors were encountered:

jkotalik · 2019-10-31T18:33:24Z

Dup of #14569

javiercn added the area-middleware label Oct 24, 2019

jkotalik added this to the Backlog milestone Oct 31, 2019

jkotalik closed this as completed Oct 31, 2019

ghost locked as resolved and limited conversation to collaborators Dec 2, 2019

JunTaoLuo added the area-servers label Jan 28, 2021

amcasey added area-middleware and removed area-runtime labels Jun 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

configurable authorization header checking in ResponseCachingPolicyProvider #15359

configurable authorization header checking in ResponseCachingPolicyProvider #15359

namnik commented Oct 24, 2019 •

edited

Loading

jkotalik commented Oct 31, 2019

configurable authorization header checking in ResponseCachingPolicyProvider #15359

configurable authorization header checking in ResponseCachingPolicyProvider #15359

Comments

namnik commented Oct 24, 2019 • edited Loading

jkotalik commented Oct 31, 2019

namnik commented Oct 24, 2019 •

edited

Loading