shreemaan-abhishek commented on code in PR #13350:
URL: https://github.com/apache/apisix/pull/13350#discussion_r3226073074
##########
apisix/plugins/proxy-cache/memory_handler.lua:
##########
@@ -170,14 +170,27 @@ local function cacheable_response(conf, ctx, cc)
end
end
- if conf.cache_control and (cc["private"] or cc["no-store"] or
cc["no-cache"]) then
+ -- Always honor upstream Cache-Control directives that mark the response as
+ -- non-shared/non-storable, regardless of the conf.cache_control flag. The
+ -- flag governs request-side semantics; upstream response directives are a
+ -- safety contract the application uses to mark personalized content.
+ if cc["private"] or cc["no-store"] or cc["no-cache"] then
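Review bot: the now-unconditional test `if cc["private"] or cc["no-store"] or cc["no-cache"] then` changes what is stored for every route that relied on the old `conf.cache_control and (...)` guard, so it needs a regression test. Add a case with `conf.cache_control` unset and an upstream response carrying each of the three directives, asserting that nothing is cached. The new comment also describes all three directives as non-shared/non-storable, but `no-cache` permits storage as long as the entry is revalidated before reuse. If this handler does not revalidate, say in the comment that `no-cache` is skipped for that reason.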
Review Comment:
`cache_control` behaviour like this is only in memory_handler; the rest of the
caching strategies by default honor the upstream's cache_control header.
Moreover, the default `false` value guarantees that upstream's decision on
cache_control is not honored.
Thus we should make the caching behaviour consistent across handlers, and be
secure by default.
After removing this, the `cache_control` field will only interfere with the
request-side behaviour.