Explicitly disable caching for REST services

rest http-caching

10,928

Solution 1

Short: yes, caches may cache the response even if no explicit controls are present, you need to explicitly disallow it.

The HTTP caching specification Section 3 lists when the response is forbidden to be cached. It suggests that the response may be cached as long as the response code is cacheable. A list of cacheable response codes is in the HTTP specification section 6.1:

Responses with status codes that are defined as cacheable by default (e.g., 200, 203, 204, 206, 300, 301, 404, 405, 410, 414, and 501 in this specification) can be reused by a cache with heuristic expiration unless otherwise indicated by the method definition or explicit cache controls...

"Heuristic expiration" is defined as the expiration time assigned when no explicit controls are present. (HTTP caching specification section 4.2.)

Solution 2

I think it's disabled by default. There are mechanisms though to enable caching to enhance performance:

Here's a good explanation with examples how to enable caching:

[Source: Heroku Dev Center]

Time-based cache headers

In HTTP 1.1 the Cache-Control header specifies the resource caching behavior as well as the max age the resource can be cached. As an example, this response would be cached for one day:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: private, max-age=86400
Last-Modified: Thu, 07 Feb 2013 11:56 EST
Here is a list of all the available Cache-Control tokens and their meaning:

private only clients (mostly the browser) and no one else in the chain (like a proxy) should cache this

public any entity in the chain can cache this

no-cache should not be cached anyway

no-store can be cached but should not be stored on disk (most browsers will hold the resources in memory until they will be quit)

no-transform the resource should not be modified (for example shrink image by proxy)

max-age how long the resource is valid (measured in seconds)

s-maxage same like max-age but this value is just for non clients

And here an example with CDI Cache Control annotation:

[Source: abhirockzz.wordpress.com]

@Path("/testcache")
public class RESTfulResource {
    @Inject
    @CachControlConfig(maxAge = 20)
    CacheControl cc;

    @GET
    @Produces("text/plain")
    public Response find() {
        return Response.ok(UUID.randomUUID().toString()).cacheControl(cc).build();
    }
}

10,928

Author by

wujek

Updated on June 07, 2022

Comments

wujek almost 2 years
I am to apply Cache-Control: must-revalidate,no-cache,no-store to all responses from out backend REST services. I have two questions about it:
- Is it common to do so? For some reason I was under the impression that it's not necessary, but I have no source to back this claim (yet).
- Is the value I mentioned above really sufficient, or should I set more?
Edit: found this: https://devcenter.heroku.com/articles/increasing-application-performance-with-http-cache-headers#cache-prevention. Is says browsers may choose to cache when nothing is explicitly configured, so it means yes, it should be configured if I want to make sure cache is disabled.
wujek over 7 years

Thank you, I will read the links. Just one thing: 'I think' is not really a good answer.
ACV over 7 years

No problem. Mark it accordingly :)