避免缓存 http 响应 [英] Avoid caching of the http responses

问题描述

避免任何类型的 http 数据缓存的最终解决方案是什么?我们可以修改客户端和服务器 - 所以我认为我们可以在客户端和服务器之间拆分任务.

What is the definitive solution for avoid any kind of caching of http data? We can modify the client as well as the server - so I think we can split the task between client and the server.

Client 可以向每个请求附加一个随机参数 http://URL/path?rand=6372637263 - 我的感觉是，仅使用这种方式是行不通的100% - 可能有一些智能代理，可以检测到......另一方面，我认为如果 URL 与前一个不同，代理不能简单地决定发回一些缓存回应.

Client can append to each request a random parameter http://URL/path?rand=6372637263 – My feeling is that using only this way it is not working 100% - might be there are some intelligent proxies, which can detect that… On the other side I think that if the URL is different from the previous one, the proxy cannot simply decide to send back some cached response.

在服务器上可以控制一堆HTTP头:

On server can control a bunch of HTTP headers:

Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: {now} GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache

对此有何评论，最好的方法是什么?

Any comments to this, what is the best approach?

推荐答案

服务器端缓存控制标头应如下所示:

Server-side cache control headers should look like:

Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: {now} GMT
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate

避免在客户端重写 URL，因为它会污染缓存，并导致其他奇怪的语义问题.此外:

Avoid rewriting URLs on the client because it pollutes caches, and causes other weird semantic issues. Furthermore:

• 使用一个 Cache-Control 标头(参见 rfc 2616) 因为具有多个条目的行为是未定义的.此外，第二个缓存控制中的 MSIE 特定条目是 充其量是多余的.

• Use one Cache-Control header (see rfc 2616) because behaviour with multiple entries is undefined. Also the MSIE specific entries in the second cache-control are at best redundant.

no-store 是关于数据安全的.(这只是意味着不要将其写入磁盘 - 仍然允许缓存将响应存储在内存中).

no-store is about data security. (it only means don't write this to disk - caches are still allowed to store the response in memory).

Pragma: no-cache 在服务器响应中是没有意义的 - 它是一个请求标头，意味着接收请求的任何缓存都必须将其转发到源.

Pragma: no-cache is meaningless in a server response - it's a request header meaning that any caches receiving the request must forward it to the origin.

同时使用 Expires (http/1.0) 和 cache-control (http/1.1) 不是多余的，因为存在只说 http/1.0 的代理，否则会降级协议.

Using both Expires (http/1.0) and cache-control (http/1.1) is not redundant since proxies exist that only speak http/1.0, or will downgrade the protocol.

从技术上讲，鉴于no-cache，最后修改的标头是多余的，但最好将其保留在那里.

Technically, the last modified header is redundant in light of no-cache, but it's a good idea to leave it in there.

有些浏览器在遇到不认识的指令后会忽略缓存控制标头中的后续指令 - 所以把重要的东西放在第一位.

Some browsers will ignore subsequent directives in a cache-control header after they come across one they don't recognise - so put the important stuff first.

这篇关于避免缓存 http 响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！