Requests with `Authorization` header should not be cached according to HTTP Caching RFC

Open iliayatsenko opened this issue 1 year ago • 0 comments

According to the HTTP Caching RFC, requests containing an Authorization header should not be cached, unless several special directives (must-revalidate, public and s-maxage) explicitly allow it.

And in the current implementation, a request containing an Authorization header is cached even though the response contains a Cache-Control header with the value max-age=7200 (no directives allowing caching of authenticated requests).

Middleware configuration:

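```php
use Doctrine\Common\Cache\Psr6\DoctrineProvider;
use Kevinrob\GuzzleCache\CacheMiddleware;
use Kevinrob\GuzzleCache\Storage\DoctrineCacheStorage;
use Kevinrob\GuzzleCache\Strategy\PublicCacheStrategy;
use Symfony\Component\Cache\Adapter\FilesystemAdapter;

// $handler is the Guzzle HandlerStack; $cacheDir is the cache directory path.
$handler->push(
    new CacheMiddleware(
        new PublicCacheStrategy(
            new DoctrineCacheStorage(
                DoctrineProvider::wrap(
                    new FilesystemAdapter('http_cache', 0, $cacheDir)
                )
            )
        )
    ),
    'http_cache'
);
```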

Request headers:

```
Authorization: Bearer .....
```

Response headers:

```
Cache-control: max-age=7200
```

Possibly, the implementation should be adjusted to the RFC, or this discrepancy should be documented. Thanks a lot.

iliayatsenko, Oct 19 '24 19:10
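The check the issue asks for, as an added example that is not part of the original issue and not the library's code: a shared cache may reuse a response to a request carrying `Authorization` only when the response has `must-revalidate`, `public` or `s-maxage` (RFC 9111, section 3.5). The function names and the plain header arrays are assumptions made for illustration; the sample headers are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Parse a Cache-Control value into [lowercase directive => argument|true].
 * Simplification: splits on commas, so quoted arguments containing commas
 * (e.g. private="a, b") are not handled.
 */
function parseCacheControl(string $value): array
{
    $directives = [];
    foreach (explode(',', $value) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;
        }
        [$name, $arg] = array_pad(explode('=', $part, 2), 2, null);
        $directives[strtolower(trim($name))] = $arg === null ? true : trim($arg, " \t\"");
    }
    return $directives;
}

/**
 * Authorization rule only: true when a shared cache is not blocked by it.
 * Other storage rules (no-store, private, freshness) are out of scope here.
 */
function authorizationPermitsSharedCaching(array $requestHeaders, array $responseHeaders): bool
{
    $req = array_change_key_case($requestHeaders, CASE_LOWER);
    $res = array_change_key_case($responseHeaders, CASE_LOWER);
    if (!array_key_exists('authorization', $req)) {
        return true; // rule does not apply to unauthenticated requests
    }
    $cc = parseCacheControl($res['cache-control'] ?? '');
    return isset($cc['must-revalidate']) || isset($cc['public']) || isset($cc['s-maxage']);
}

// Constructed sample: the issue's response header first, then allowing variants.
$request = ['Authorization' => 'Bearer <token-placeholder>'];
$samples = [
    'max-age=7200',
    'public, max-age=7200',
    'max-age=7200, s-maxage=600',
    'max-age=7200, must-revalidate',
];
foreach ($samples as $cacheControl) {
    $ok = authorizationPermitsSharedCaching($request, ['Cache-control' => $cacheControl]);
    printf("%-32s => %s\n", $cacheControl, $ok ? 'may cache' : 'must not cache');
}
```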