You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The no-cache response directive indicates that the response can be stored in caches, but the response must be validated with the origin server before each reuse, even when the cache is disconnected from the origin server.
I believe without including an ETag or Last-modified header in the response this won't actually allow for caching, but this does seem like a surprising default. It's easy to imagine someone inadvertently adding a last-modified or etag and enabling caching of supposed-to-be-private data.
The EventSource spec requires "cache-control: no-store" (note: not no-cache) which also indicates the expectation is to bypass caches entirely, but if a client isn't using EventSource that won't take effect.
My questions/issues: Is this header default intentional, or was it intended to be no-store?
The text was updated successfully, but these errors were encountered:
sse-starlette sets
cache-control: no-cacheas a default response header.I was surprised to learn that this doesn't mean "do not cache", but rather that it should be cached, but revalidated before serving a response:
I believe without including an ETag or Last-modified header in the response this won't actually allow for caching, but this does seem like a surprising default. It's easy to imagine someone inadvertently adding a last-modified or etag and enabling caching of supposed-to-be-private data.
The EventSource spec requires "cache-control: no-store" (note: not no-cache) which also indicates the expectation is to bypass caches entirely, but if a client isn't using EventSource that won't take effect.
My questions/issues: Is this header default intentional, or was it intended to be no-store?
The text was updated successfully, but these errors were encountered: