What is the risk of having HTTP header "Cache-Control: public"?


Question

The Cache-Control HTTP/1.1 header can specify max-age as well as whether the cached content can be public or private, indicating whether an intermediate cache can cache the content.

For example, Ruby on Rails's expires_in() defaults to using Cache-Control: private

What is the risk of making it public? If it is public, which extra places can cache the content -- would it be a proxy server, for example?

What if the website is like Amazon.com, but the user is anonymous; then probably there is not much of a privacy issue? What if the user is logged in; could there be a privacy issue, because the data passes through places and the data is visible? If that location wants to be "bad", it really doesn't need to care about the Cache-Control: private anyway.

What if it is a website where a user can be logged in, but the website only searches for health products like fish oil and vitamins, and so forth? In that case, there is even less privacy involved because it is unlike Amazon.com, where there is a lot more variety of products, such as books, for which a user can really care more about privacy issues.

Having said that, what is the additional advantage of having Cache-Control: public?

Recommended answer

The problem with Cache-Control: Public is that the response may be cached and displayed to a different user. This is a problem if you have an authenticated application that is displaying private data. In general, you should only use public for static pages, or pages that return the same data no matter what user is making the request.
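
The leak described in the answer, as an added example that is not part of the original answer or of Rails: a toy shared cache in Ruby that, like shared caches by default, keys on the path and ignores cookies. The `SharedCache` class, the `/account` path and the cookie values `alice` and `bob` are constructed for illustration.

```ruby
# Toy shared (proxy) cache: keys entries on the path only and ignores cookies.
class SharedCache
  def initialize(origin)
    @origin = origin # callable: (path, cookie) -> [headers, body]
    @store = {}
  end

  # "public, max-age=60" -> {"public"=>true, "max-age"=>"60"}
  def self.directives(value)
    value.to_s.downcase.split(",").map(&:strip).reject(&:empty?).to_h do |d|
      name, arg = d.split("=", 2)
      [name, arg || true]
    end
  end

  # Seconds a shared cache may reuse the response; 0 means "do not reuse".
  def self.shared_ttl(headers)
    d = directives(headers["Cache-Control"])
    # private and no-store forbid shared storage; no-cache needs revalidation,
    # which this toy does not implement, so it is never served from the store.
    return 0 if d["private"] || d["no-store"] || d["no-cache"]
    (d["s-maxage"] || d["max-age"]).to_s.to_i
  end

  def get(path, cookie, now: Time.now.to_i)
    entry = @store[path]
    return [:hit, entry[:body]] if entry && now < entry[:expires]
    headers, body = @origin.call(path, cookie)
    ttl = self.class.shared_ttl(headers)
    @store[path] = { body: body, expires: now + ttl } if ttl > 0
    [:miss, body]
  end
end

# Constructed origin: the body depends on the session cookie, as an
# authenticated page would.
def origin_with(cache_control)
  ->(_path, cookie) { [{ "Cache-Control" => cache_control }, "Orders for #{cookie}"] }
end

# alice requests /account, then bob does 10 seconds later through the same cache.
def second_user_sees(cache_control)
  cache = SharedCache.new(origin_with(cache_control))
  cache.get("/account", "alice", now: 1000)
  cache.get("/account", "bob", now: 1010)
end

puts second_user_sees("public, max-age=60").inspect
puts second_user_sees("private, max-age=60").inspect
```

With `public`, the second request is a cache hit carrying the first user's page; with `private`, the shared cache stores nothing and the request reaches the origin.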
