Explicitly disable caching for REST services
Solution 1
Short: yes, caches may cache the response even if no explicit controls are present, you need to explicitly disallow it.
The HTTP caching specification Section 3 lists when the response is forbidden to be cached. It suggests that the response may be cached as long as the response code is cacheable. A list of cacheable response codes is in the HTTP specification section 6.1:
Responses with status codes that are defined as cacheable by default (e.g., 200, 203, 204, 206, 300, 301, 404, 405, 410, 414, and 501 in this specification) can be reused by a cache with heuristic expiration unless otherwise indicated by the method definition or explicit cache controls...
"Heuristic expiration" is defined as the expiration time assigned when no explicit controls are present. (HTTP caching specification section 4.2.)
Solution 2
I think it's disabled by default. There are mechanisms though to enable caching to enhance performance:
Here's a good explanation with examples how to enable caching:
[Source: Heroku Dev Center]
Time-based cache headers
In HTTP 1.1 the
Cache-Control
header specifies the resource caching behavior as well as the max age the resource can be cached. As an example, this response would be cached for one day:HTTP/1.1 200 OK Content-Type: application/json Cache-Control: private, max-age=86400 Last-Modified: Thu, 07 Feb 2013 11:56 EST
Here is a list of all the available
Cache-Control
tokens and their meaning:
private
only clients (mostly the browser) and no one else in the chain (like a proxy) should cache thispublic
any entity in the chain can cache thisno-cache
should not be cached anywayno-store
can be cached but should not be stored on disk (most browsers will hold the resources in memory until they will be quit)no-transform
the resource should not be modified (for example shrink image by proxy)max-age
how long the resource is valid (measured in seconds)s-maxage
same like max-age but this value is just for non clients
And here an example with CDI Cache Control annotation:
[Source: abhirockzz.wordpress.com]
@Path("/testcache") public class RESTfulResource { @Inject @CachControlConfig(maxAge = 20) CacheControl cc; @GET @Produces("text/plain") public Response find() { return Response.ok(UUID.randomUUID().toString()).cacheControl(cc).build(); } }
wujek
Updated on June 07, 2022Comments
-
wujek almost 2 years
I am to apply
Cache-Control: must-revalidate,no-cache,no-store
to all responses from out backend REST services. I have two questions about it:- Is it common to do so? For some reason I was under the impression that it's not necessary, but I have no source to back this claim (yet).
- Is the value I mentioned above really sufficient, or should I set more?
Edit: found this: https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers#cache-prevention. Is says browsers may choose to cache when nothing is explicitly configured, so it means yes, it should be configured if I want to make sure cache is disabled.
-
wujek over 7 yearsThank you, I will read the links. Just one thing: 'I think' is not really a good answer.
-
ACV over 7 yearsNo problem. Mark it accordingly :)