Given a response from a web server that contains an Authorization header according to the OAuth specification, might HTTP caching not be useful?
Request1 Authorization: AUTHTOKEN
Request2 Authorization: ANOTHERAUTOTOKEN
In this case, when caching HTTP, the second request returns a cached response for the first user. This is not a problem for content that is common to all users, but it is not, because a shared cache should provide responses to other users.
Similarly, if we must use the Vary header and change to Authorization, this means that our cache will store a cached copy of the token, which will certainly defeat the purpose of HTTP caching. The local browser cache (private) will work fine, but it will still mean a request for origin from each user at least once per session.
Edit
This service requires authorization for all requests, but based on what I read, responses from the shared cache containing authorization headers should not be performed if there should not be revalidate, public and s-maxage.
Thus, my question: given an API that has both general (the answers are the same for all users) and user responses, is it even possible to cache? If s-maxage and public headers, but the authorization header will mean that the cache will allow UserA's response to UserB, UserC, etc., if I follow the RFC correctly.
Finglas
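The shared-cache behaviour the question asks about, as an added example that is not part of the original post: a toy shared cache applying the Authorization rule of RFC 9111 section 3.5 (previously RFC 7234 section 3.2) together with Vary matching. The `/catalog`, `/me`, `/me-vary` and `/me-mislabelled` resources, the response headers and all function names are constructed for illustration.

```python
# Added example: toy shared cache; URLs, bodies and header values are constructed.
def directives(cache_control):
    """Parse a Cache-Control value into {directive: value-or-None}."""
    parts = (p.strip().partition("=") for p in cache_control.split(","))
    return {name.lower(): value or None for name, _, value in parts if name}

def shared_cache_may_store(req, resp_headers):
    """req has lower-cased header names. Simplified: status, expiry and no-cache are ignored."""
    cc = directives(resp_headers.get("Cache-Control", ""))
    if "no-store" in cc or "private" in cc:
        return False
    if "authorization" in req:  # RFC 9111 section 3.5
        return bool(cc.keys() & {"public", "must-revalidate", "s-maxage"})
    return True

class SharedCache:
    def __init__(self, origin):
        self.origin, self.entries, self.origin_hits = origin, {}, 0

    def get(self, url, request_headers):
        req = {k.lower(): v for k, v in request_headers.items()}
        for vary, body in self.entries.get(url, []):
            if all(req.get(h) == v for h, v in vary.items()):
                return body  # served from cache, origin never sees this request
        self.origin_hits += 1
        resp_headers, body = self.origin(url, req)
        if shared_cache_may_store(req, resp_headers):
            names = [h.strip().lower() for h in resp_headers.get("Vary", "").split(",")]
            vary = {h: req.get(h) for h in names if h}
            self.entries.setdefault(url, []).append((vary, body))
        return body

def origin(url, req):
    """Hypothetical API: one shared resource and three ways to label a per-user one."""
    profile = "profile of " + req.get("authorization", "anonymous")
    if url == "/catalog":
        return {"Cache-Control": "public, s-maxage=300"}, "catalog"
    if url == "/me":
        return {"Cache-Control": "private, max-age=60"}, profile
    if url == "/me-vary":
        return {"Cache-Control": "public, max-age=60", "Vary": "Authorization"}, profile
    return {"Cache-Control": "public, max-age=60"}, profile  # "/me-mislabelled"

def demo():
    cache, out = SharedCache(origin), {}
    for url in ("/catalog", "/me", "/me-vary", "/me-mislabelled"):
        before = cache.origin_hits
        a = cache.get(url, {"Authorization": "AUTHTOKEN"})
        b = cache.get(url, {"Authorization": "ANOTHERAUTOTOKEN"})
        out[url] = (a, b, cache.origin_hits - before)
    return out
```

Each tuple returned by `demo()` is (body for the first token, body for the second token, origin requests made): only the mislabelled per-user resource hands the first user's body to the second, while `private` and `Vary: Authorization` both keep the bodies separate at the cost of one origin request per token.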