How can I disable cache for http headers?

I am reading about HTTP basic authentication. On the MDN website, it says:

Because BA header has to be sent with each HTTP request, the web browser needs to cache the credentials for a reasonable period to avoid constant prompting user for the username and password. Caching policy differs between browsers. Microsoft Internet Explorer by default caches them for 15 minutes.

However, after I told the Chrome Postman to send a request without a cached header, I still noticed the presence of an authorization field when I logged traffic at the server side:

{ host: 'localhost:3000',
  connection: 'keep-alive',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=',   // why?
  'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36',
  'cache-control': 'no-cache',
  'postman-token': '7e458c2d-b11b-026d-809b-68a7cf3d5a37',
  ....

Then I also tried using just Google Chrome, but I again saw an authorization field:

{ host: 'localhost:3000',
  connection: 'keep-alive',
  pragma: 'no-cache',
  'cache-control': 'no-cache',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=', // again
  ....

Question 1: I disabled cache for both Chrome (I couldn't find the no-cached option, so I just selected "disable cache" in the Chrome debugger) and Postman (which has an option for "no-cached header"), but they still included the authentication header... why? How can I prevent them from doing this?

Question 2: The same thing happened when I tried to make the client not send back the Cookie. I even used the clear cookie functionality in Chrome history... but I still see its presence in the request header. I assume each header field is cached differently, so how can I manage the cookies?

Opening an incognito window will make the browser forget about the authorization and cookie... but only once: subsequent tabs will have these headers.

I noticed the same thing, it's frustrating. But you can click the 'Disable Cache' option in the Chrome Network inspector and it will/should remove it (In my case I just needed it to update the cache with a new Auth header).

This is concerning though because if a user logs into an app and the token expires, the app could refresh it and serve the new token to the http client, but Chrome will automatically overwrite it with the expired token...
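
An added example, not part of the question or the answers above: the `authorization` value in the question's dumps is Base64 of `user:password`, and a server acts on it without ever looking at the request's `cache-control` or `pragma` headers. The function names, the realm and the validator are assumptions made for illustration, and the header objects are constructed from the dumps in the question.

```javascript
// Added example: hypothetical helper names; Node.js assumed (uses the global Buffer).
const REALM = 'demo'; // assumed realm name

// Decode "Basic <base64(user:password)>". Base64 is an encoding, not encryption.
function parseBasicAuth(headers) {
  const m = /^Basic\s+([A-Za-z0-9+\/]+=*)$/i.exec(headers.authorization || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // only the first ':' separates user from password
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// The decision depends only on the credentials. The request's cache-control and
// pragma headers are never read: they govern response caching, not credentials.
function handle(headers, isValid) {
  const creds = parseBasicAuth(headers);
  if (!creds || !isValid(creds)) {
    // A 401 with a challenge tells the client its credentials were not accepted.
    return { status: 401, headers: { 'WWW-Authenticate': `Basic realm="${REALM}"` } };
  }
  return { status: 200, headers: { 'Cache-Control': 'no-store' }, user: creds.user };
}

// Copy of the request headers that is safe to write to a log.
function redactForLog(headers) {
  const out = { ...headers };
  for (const k of ['authorization', 'cookie']) if (k in out) out[k] = '[redacted]';
  return out;
}

// Constructed sample input, reduced from the two dumps in the question.
const fromPostman = { host: 'localhost:3000', authorization: 'Basic YWRtaW46cGFzc3dvcmQ=',
  'cache-control': 'no-cache' };
const fromChrome = { host: 'localhost:3000', pragma: 'no-cache', 'cache-control': 'no-cache',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=' };
const noCreds = { host: 'localhost:3000', 'cache-control': 'no-cache' };

// Stand-in validators; real code checks against a stored password hash.
const accept = (c) => c.user === 'admin' && c.pass === 'password';
const rejectAll = () => false;

console.log(redactForLog(fromPostman)); // what a server log should contain
console.log(handle(fromChrome, accept).status, handle(fromChrome, rejectAll).status,
  handle(noCreds, accept).status);
```
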
