satispress icon indicating copy to clipboard operation
satispress copied to clipboard

Published 20 hours ago verified publisher icon cedaro

Cache-control headers

Open ethanclevenger91 opened this issue 1 year ago • 1 comments

Had an issue where a host was caching the packages.json endpoint after Composer was able to successfully connect. Subsequent unauthenticated requests, even in-browser, would succeed.

Looking at the response headers, I see that if an unauthorized hit is made, a Cache-Control: no-cache header is returned, presumably because this is a default WP page and WP handles it.

But successful requests to the packages.json endpoint do not return a Cache-Control: no-cache header, and it seems like they should, since this endpoint requires authentication. Should all requests to SatisPress return no-cache headers to signal to services that are eagerly caching endpoints (especially those that present as static content, i.e. a JSON file) not to cache these endpoints?

Thoughts on this? I could look into a PR if someone can verify I'm not crazy.

ethanclevenger91 avatar Jun 12 '23 16:06 ethanclevenger91