Caching headers for static content: cache-control: private is sent for authenticated users?


Hi everybody.

We have set up caching for static content as described in https://world.episerver.com/documentation/developer-guides/digital-experience-platform/development-considerations/cdn-recommendations/, and it works fine for anonymous users. However, when a user is logged in to Episerver, cache-control:private is sent in the response instead.

As we are using authentication for our end-users (we are providing an extranet), it does not make any sense for us not to cache static content for those users.

Anyone who knows why cache-control: private is used by Episerver when a user is authenticated?

Our relevant sections in web.config are as follows:

<staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" setEtag="false" />
      <remove fileExtension=".woff" />
      <remove fileExtension=".woff2" />
      <remove fileExtension=".otf" />
      <remove fileExtension=".ttf" />
      <remove fileExtension=".svg" />
      <remove fileExtension=".eot" />
      <remove fileExtension=".json" />
      <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
      <mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
      <mimeMap fileExtension=".otf" mimeType="application/x-font-opentype" />
      <mimeMap fileExtension=".ttf" mimeType="application/octet-stream" />
      <mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
      <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
      <mimeMap fileExtension=".json" mimeType="application/json" />
    </staticContent>
    <caching>
      <profiles>
        <add extension=".gif" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
        <add extension=".png" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
        <add extension=".js" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
        <add extension=".css" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
        <add extension=".jpg" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
        <add extension=".jpeg" policy="DontCache" kernelCachePolicy="CacheUntilChange" duration="0.00:30:00" location="Any" />
      </profiles>
    </caching>
#223226
May 22, 2020 6:56

Hi Peter

The configurations you posted apply to "real" static files, as in typical frontend bundles located in the website package.

Asset files from Episerver have a different behaviour. But you can easily change the behaviour of Episerver assets file caching to be either private, public or a hybrid (the default).

The feature is documented here, but the configuration entries are not added to web.config by default. So you will have to mix it into your web.config, like this:

<configuration>
  <configSections>
    <section name="staticFile" type="EPiServer.Framework.Configuration.StaticFileSection, EPiServer.Framework.AspNet"/>
  </configSections>
  <staticFile cacheControl="public" enableOutputCache="false" expirationTime="12:0:0" />
</configuration>
#223228
May 22, 2020 8:39

Thank you Stefan.

I actually already had the following in my config file - but it didn't include the cacheControl property.

<staticFile expirationTime="365:0:0" />

Would it make sense to limit it to certain locations?

  <location path="globalassets">
    <staticFile expirationTime="365.00:00:00" cacheControl="Public"/>
  </location>
  <location path="siteassets">
    <staticFile expirationTime="365.00:00:00" cacheControl="Public"/>
  </location>
#223230
May 22, 2020 8:52

Hi Peter

This setting applies globally to the asset handler, so it cannot be limited to specific paths.

#223231
May 22, 2020 8:54

Hi Stefan.

In https://support.episerver.com/hc/en-us/articles/360006594552-Configure-browser-caching-in-DXC-Azure-environment they use locations?:

The below setting may also be needed if you want to leverage the globalasset's static files
<configuration>
        ...
        <location path="GlobalAssets">
                <staticFile expirationTime="7.00:00:00" cacheControl="Public"/>
        </location>
</configuration>
#223232
May 22, 2020 9:01
Stefan Holm Olsen - May 22, 2020 9:07
Then it should work, as you write.
But the setting would already apply globally to globalassets, and siteassets. So, unless you have some specific needs, it should not be necessary to specify subfolders by using location elements.

Just an FYI: By making the cache control public you could end up with access rights protected assets in the CDN. I.e. after a user has requested a protected asset, then ALL users can access it. You basically have to purge the CDN to get rid of it. 

#223238
May 22, 2020 13:25
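
A check for the risk raised in the last reply, as an added example (not part of the thread and not Episerver code): it reads the Cache-Control value returned to a logged-in user and flags assets that need a login at the origin but that a CDN would be allowed to store. The paths under globalassets and siteassets, the status codes and the header values are constructed samples; treating a response with no explicit directives as not stored is a simplifying assumption, since a CDN may apply its own defaults.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(cache_control):
    """True if a shared cache (CDN, proxy) may store and reuse the response."""
    d = parse_cache_control(cache_control)
    if "private" in d or "no-store" in d:
        return False
    if "public" in d:
        return True
    # For shared caches s-maxage takes precedence over max-age.
    lifetime = d.get("s-maxage") or d.get("max-age") or "0"
    return lifetime.isdigit() and int(lifetime) > 0


def find_exposed_assets(observations):
    """Return paths that need a login at the origin but are storable by a CDN."""
    return [path for path, anon_status, cache_control in observations
            if anon_status != 200 and shared_cache_may_store(cache_control)]


# Constructed sample: (path, status of an anonymous request sent to the origin,
# Cache-Control seen on the response to a logged-in user).
SAMPLES = [
    ("/static/site.css", 200, "public, max-age=31536000"),
    ("/globalassets/logo.png", 200, "public, max-age=43200"),
    ("/globalassets/extranet/pricelist.pdf", 401, "public, max-age=43200"),
    ("/siteassets/extranet/contract.pdf", 401, "private, max-age=43200"),
    ("/siteassets/extranet/report.pdf", 302, "max-age=600"),
]

if __name__ == "__main__":
    for path in find_exposed_assets(SAMPLES):
        print("protected asset cacheable by CDN:", path)
```

Run against real observations, the anonymous status must come from the origin rather than through the CDN, otherwise an already cached copy hides the access restriction.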