Caching proxy for authenticated REST requests

Pet*_*ter 25 authentication rest caching-proxy

Consider the following scenario:

  • I have a RESTful URL /articles that returns a list of articles
  • Users supply their credentials in the Authorization HTTP header on every request
  • Depending on his privileges, the articles may differ from user to user

Can a caching proxy like Squid be used in this situation? The proxy would only see the URL /articles, so it might return the list of articles that was valid only for the first user who populated the cache. Other users requesting the URL /articles could then see articles they are not authorized to access, which is of course undesirable.

Should I roll my own cache, or can some caching proxy software be configured to key its cache on the Authorization HTTP header?

yfe*_*lum 29

One possibility to try is the Vary: Authorization response header, which instructs downstream caches to vary the cached document according to the request's Authorization header.

If you use response compression, you may already be using this header. Clients typically request a resource with the header Accept-Encoding: gzip, deflate; if the server is configured to support compression, the response may come back with the headers Content-Encoding: gzip and Vary: Accept-Encoding.

  • Depends on the HTTPS implementation. For example, is the cache in front of or behind the SSL terminator? (2 upvotes)

Fre*_*eek 11

From the HTTP/1.1 RFC, section 14.8 (http://tools.ietf.org/html/rfc2616#section-14.8):

  When a shared cache (see section 13.7) receives a request
  containing an Authorization field, it MUST NOT return the
  corresponding response as a reply to any other request, unless one
  of the following specific exceptions holds:

  1. If the response includes the "s-maxage" cache-control
     directive, the cache MAY use that response in replying to a
     subsequent request. But (if the specified maximum age has
     passed) a proxy cache MUST first revalidate it with the origin
     server, using the request-headers from the new request to allow
     the origin server to authenticate the new request. (This is the
     defined behavior for s-maxage.) If the response includes "s-
     maxage=0", the proxy MUST always revalidate it before re-using
     it.

  2. If the response includes the "must-revalidate" cache-control
     directive, the cache MAY use that response in replying to a
     subsequent request. But if the response is stale, all caches
     MUST first revalidate it with the origin server, using the
     request-headers from the new request to allow the origin server
     to authenticate the new request.

  3. If the response includes the "public" cache-control directive,
     it MAY be returned in reply to any subsequent request.

  • I think the asker is using the "public" flag in the "cache-control" header. Your post doesn't answer the question, but it is helpful. (2 upvotes)
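The two answers above describe two separate mechanisms: the Vary header, which puts the named request headers into the cache key, and the RFC 2616 section 14.8 rule that a shared cache may only reuse a response to an Authorization-bearing request when it carries s-maxage, must-revalidate or public. The following toy shared cache (an added example, not Squid's code and not from either answer) models both rules and replays the asker's scenario: the credentials, URL and bodies are constructed, and the simplified freshness handling (max-age and s-maxage only, no Expires or heuristics) is an assumption of the model.

```python
# Toy model of a shared HTTP cache (constructed example, not Squid's code).
# Rule 1 (Vary): the cache key includes every request header named in the
#   response's Vary, so "Vary: Authorization" gives each credential its own entry.
# Rule 2 (RFC 2616 s.14.8): a response to a request carrying Authorization is
#   stored by a shared cache only if it has s-maxage, must-revalidate or public,
#   and is revalidated under the conditions the RFC text gives.
from dataclasses import dataclass


def parse_cache_control(value):
    """'public, max-age=60' -> {'public': None, 'max-age': '60'}."""
    out = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return out


def parse_vary(value):
    return [h.strip().lower() for h in value.split(",") if h.strip()]


@dataclass
class Entry:
    vary: list        # lowercased header names from Vary
    request: dict     # lowercased request headers the entry was created for
    headers: dict     # lowercased response headers
    body: bytes
    stored_at: float


class SharedCache:
    def __init__(self):
        self.entries = {}  # url -> list of Entry, one per variant

    def store(self, url, request_headers, response_headers, body, now):
        """Keep a response; returns False when a shared cache must not keep it."""
        req = {k.lower(): v for k, v in request_headers.items()}
        resp = {k.lower(): v for k, v in response_headers.items()}
        vary = parse_vary(resp.get("vary", ""))
        cc = parse_cache_control(resp.get("cache-control", ""))
        if "*" in vary:
            return False
        if "authorization" in req and not ({"s-maxage", "must-revalidate", "public"} & set(cc)):
            return False  # s.14.8: no exception applies, so the response is not shareable
        # drop any older entry for the same variant, then add the new one
        kept = [e for e in self.entries.get(url, [])
                if any(e.request.get(h) != req.get(h) for h in e.vary)]
        kept.append(Entry(vary, req, resp, body, now))
        self.entries[url] = kept
        return True

    def lookup(self, url, request_headers, now):
        """Return ('HIT', body), ('REVALIDATE', body) or ('MISS', None)."""
        req = {k.lower(): v for k, v in request_headers.items()}
        for e in self.entries.get(url, []):
            if any(req.get(h) != e.request.get(h) for h in e.vary):
                continue  # different variant under Vary
            cc = parse_cache_control(e.headers.get("cache-control", ""))
            age = now - e.stored_at
            limit = int(cc.get("s-maxage") or cc.get("max-age") or 0)  # s-maxage wins for shared caches
            stale = age > limit
            if "authorization" in e.request:
                if "s-maxage" in cc:   # s.14.8 rule 1: s-maxage=0 means revalidate every time
                    return ("REVALIDATE", e.body) if (limit == 0 or stale) else ("HIT", e.body)
                if "must-revalidate" in cc:   # s.14.8 rule 2
                    return ("REVALIDATE", e.body) if stale else ("HIT", e.body)
                # s.14.8 rule 3 (public): ordinary freshness applies
            return ("REVALIDATE", e.body) if stale else ("HIT", e.body)
        return ("MISS", None)


def run_scenarios():
    """Replays the question's /articles case under four response configurations."""
    url = "/articles"
    alice = {"Authorization": "Bearer alice-token"}  # constructed credentials
    bob = {"Authorization": "Bearer bob-token"}
    r = {}
    # A: public without Vary -> Bob is served Alice's list (the leak the asker fears)
    c = SharedCache()
    c.store(url, alice, {"Cache-Control": "public, max-age=60"}, b"alice's articles", 0)
    r["no_vary_bob"] = c.lookup(url, bob, 1)[0]
    # B: public plus Vary: Authorization -> Bob misses, Alice hits her own variant
    c = SharedCache()
    c.store(url, alice, {"Cache-Control": "public, max-age=60", "Vary": "Authorization"}, b"alice's articles", 0)
    r["vary_bob"] = c.lookup(url, bob, 1)[0]
    r["vary_alice"] = c.lookup(url, alice, 1)[0]
    # C: none of public/s-maxage/must-revalidate -> a shared cache must not keep it at all
    c = SharedCache()
    r["stored_private"] = c.store(url, alice, {"Cache-Control": "max-age=60"}, b"alice's articles", 0)
    r["private_bob"] = c.lookup(url, bob, 1)[0]
    # D: s-maxage=0 plus Vary -> stored, but every reuse goes back to the origin with the new credentials
    c = SharedCache()
    c.store(url, alice, {"Cache-Control": "s-maxage=0, max-age=60", "Vary": "Authorization"}, b"alice's articles", 0)
    r["smaxage0_alice"] = c.lookup(url, alice, 1)[0]
    return r


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:16} {outcome}")
```

Scenario A is the configuration to watch for when auditing an API behind a shared cache: a Cache-Control: public response with no Vary: Authorization is served to every caller regardless of credentials. Scenarios B and D show the two configurations that keep the proxy useful while still separating users, with s-maxage=0 trading cache hits for an origin revalidation that carries the new request's credentials.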