缓存控制:在 IIS7 + ASP.NET MVC 中，没有存储、必须重新验证未发送到客户端浏览器 [英] Cache-control: no-store, must-revalidate not sent to client browser in IIS7 + ASP.NET MVC

问题描述

我试图确保某个页面永远不会被缓存，并且当用户单击后退按钮时永远不会显示.这个评价很高的答案(目前有 1068 个赞)说要使用:

I am trying to make sure that a certain page is never cached, and never shown when the user clicks the back button. This very highly rated answer (currently 1068 upvotes) says to use:

Response.AppendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
Response.AppendHeader("Pragma", "no-cache");
Response.AppendHeader("Expires", "0");

但是在 IIS7/ASP.NET MVC 中，当我发送这些标头时，客户端会看到这些响应标头:

However in IIS7 / ASP.NET MVC, when I send those headers then the client sees these response headers instead:

Cache-control: private, s-maxage=0 // that's not what I set them to
Pragma: no-cache
Expires: 0

缓存控制标头发生了什么?IIS7 或 ASP.NET 原生的东西会覆盖它吗?我检查了我的解决方案，但没有覆盖此标头的代码.

What happened to the cache-control header? Does something native to IIS7 or ASP.NET overwrite it? I have checked my solution and I have no code that overwrites this header.

当我首先添加 Response.Headers.Remove("Cache-Control"); 时，没有区别:

When I add Response.Headers.Remove("Cache-Control"); first, it makes no difference:

Response.Headers.Remove("Cache-Control");
Response.AppendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
Response.AppendHeader("Pragma", "no-cache");
Response.AppendHeader("Expires", "0");

当我添加 [OutputCache] 属性时:

[OutputCache(Location = OutputCacheLocation.None)]
public ActionResult DoSomething()
{
   Response.Headers.Remove("Cache-Control");
   Response.AppendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
   Response.AppendHeader("Pragma", "no-cache");
   Response.AppendHeader("Expires", "0");

   var model = DoSomething();
   return View(model);
}

然后客户端响应头变为:

Then the client response headers change to:

Cache-control: no-cache
Pragma: no-cache
Expires: 0

哪个更接近，但仍然不是我要发送的标头.这些标头在哪里被覆盖，我该如何阻止它?

Which is closer, but still not the headers that I want to send. Where are these headers getting overridden and how can I stop it?

我已经检查并且错误的标头被发送到 Chrome、FF、IE 和 Safari，所以它看起来是服务器问题而不是浏览器相关问题.

I have checked and the incorrect headers are being sent to Chrome, FF, IE and Safari, so it looks to be a server problem not a browser related problem.

推荐答案

经过反复试验，我发现在 ASP.NET MVC 中为 IIS7 正确设置标头的一种方法是:

Through trial and error, I have found that one way to set the headers correctly for IIS7 in ASP.NET MVC is:

Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.AppendCacheExtension("no-store, must-revalidate");
Response.AppendHeader("Pragma", "no-cache");
Response.AppendHeader("Expires", "0");

第一行设置Cache-control为no-cache，第二行添加其他属性no-store, must-revalidate.

The first line sets Cache-control to no-cache, and the second line adds the other attributes no-store, must-revalidate.

这可能不是唯一的方法，但如果更直接 Response.AppendHeader("Cache-control", "no-cache, no-store, must-revalidate"); 失败.

This may not be the only way, but does provide an alternative method if the more straightforward Response.AppendHeader("Cache-control", "no-cache, no-store, must-revalidate"); fails.

其他相关的 IIS7 缓存控制问题可能由此解决:

Other related IIS7 cache-control questions that may be solved by this are:

• 某些东西迫使响应具有缓存控制:IIS7 中的私有
• IIS7:缓存设置不起作用...为什么?
• IIS7 + ASP.NET MVC 客户端缓存标头不起作用
• 为 aspx 页面设置缓存控制
• 缓存控制:无存储，必须重新验证未发送到 IIS7 + ASP.NET MVC 中的客户端浏览器

这篇关于缓存控制:在 IIS7 + ASP.NET MVC 中，没有存储、必须重新验证未发送到客户端浏览器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！