We have the "cache-control" setting as "public" in httpd.conf
Header set Cache-Control "public"
But from the page we are trying to not cache it, hence we are setting the header as
<meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate">
<cfheader name="Cache-Control" value="no-cache,no-store,must-revalidate">
But we found that, it always takes the cache-control setting from httpd.conf
Is there any way to override the header setting in httpd.conf from page level.
Note: "cfheader" is a ColdFusion tag to generates custom HTTP response headers to return to the client.
Related
I am running my apache on http://localhost:8083 and i am calling an API hosted on local box i.e. http://localhost:8082
I want to map http://localhost:8083/test-call/abc/authorize call to actual service call i.e. http://localhost:8082/TestCall/abc/authorize.
I have rewrite engine as follows in httpd.conf file:
RewriteEngine on
RewriteRule "^/test-call/(.*)$" "http://localhost:8082/TestCall/$1"
I can see that the call is being mapped correctly from developer console of chrome i.e. http://localhost:8082/TestCall/abc/authorize and i have disabled CORS on my browser as i am testing the API call only.
I have added the following headers in my httpd.conf file:
Header set Access-Control-Allow-Origin "http://localhost:8083"
Header always set Access-Control-Allow-Headers "Authorization, X-Requested-With, Content-Type, content-type, x-requested-with, Accept, Access-Control-Allow-Origin, Cache-Control"
Header always set Cache-Control "no-cache, no-store, must-revalidate"
Header always set Access-Control-Allow-Methods "GET, POST, DELETE, HEAD, OPTIONS"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "3600"
Header always set REMOTE_USER "abc.def#db.com"
It's a react application and the bundles are getting loaded correctly with the specified headers above and also the REMOTE_USER is getting added to the REPONSE_HEADERS but for the rewritten URL, the headers are not getting applied.
I want to pass the REMOTE_USER header in the API call after rewrite/redirect.
I have enabled mod_headers and mod_rewrite.
What am i missing?
What I tried to do is to embed an iframe into a website and was faced with Content Security Policy.
I know this question was asked before, but I couldn’t find any working solution.
Error message:
Content security policy: 'x-frame-options' will affect because of 'frame-ancestors' directive.
What I tried so far, using the Apache module “mod_headers”:
Header unset X-Frame-Options Header unset Content-Security-Policy
Header always set Content-Security-Policy "frame-ancestors 'self';"
Header always set X-Frame-Options "SAMEORIGIN"
Header always setX-Frame-Options "ALLOW-FROM https://mydomain”
Any idea to get iframes embed, though Content security policy?
We've build an application with vueJs using Quasar Framework
But after each rebuild (with quasar build command executed by a gitlab runner) our main index.html file isn't reload properly by client's browser (seems it's more chrome than other browser who's keeping the index.html in cache)
In our application we have many css and js file named like that for example :
app.34456435fdfe.js
vendor.4325gfd.js
runtime.ksdj424.js
The app file js and the runtime file js change properly but the older version still stay in cache client browser loaded because the index.html version loading those files isn't the last (but those store in the cache browser)
I explain :
First build make an app.0000000.js (for exemple) and a runtime.0123456.js
The second make an app.000001.js and a runtime.654321.js
But the two first version still loading in broswer (due to the index.html file cached) so the client is stuck on a white page (because app.0000000.js still not exist it return an 404)
How can we force to clear the cache ?
In the index.html file of quasar we’ve adding this :
<meta http-equiv=“cache-control” content=“no-cache, no-store, private, must-revalidate, post-check=0, pre-check=0”>
<meta http-equiv=“cache-control” content=“max-age=0”>
<meta http-equiv=“expires” content=“0”>
<meta http-equiv=“expires” content=“Tue, 01 Jan 1980 1:00:00 GMT”>
<meta http-equiv=“pragma” content=“no-cache”>
We have an .htaccess too with :
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType text/html M0
</IfModule>
<IfModule mod_headers.c>
<filesMatch "\.(html|htm|js|css)$">
FileETag None
Header unset ETag
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
</filesMatch>
Header unset ETag
Header unset Last-Modified
</IfModule>
And in the httpd.conf file we have added this :
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType text/html M0
</IfModule>
It's seems working properly on Safari and Firefox but on chrome we still have "Loaded from disk cache"
Chrome debug tool
More debug tool
Header properly set
This issue we're facing is a real problem, we will use service-worker in few weeks but we need a solution for clearing cache properly until we develop SW (no caching html will be better)
Thanks ! (And sorry for my english)
NB :
I've tried that : How to control web page caching, across all browsers?
And that : VueJS/browser caching production builds (similar problem)
I'm using an htaccess rule to proxy to an internal server, using the answer recommended on this question, "Can ProxyPass and ProxyPassReverse Work in htaccess". I'm using htaccess as that is all I have access to. The method suggested works, but when I make a change on one of the internal pages and reload (from the external server) I don't even see it hitting the internal server, even after clearing the cache on the browser. In fact, if I try to load the page from another browser which never has tried to load the page before, it too gets the old copy.
This suggests something is being cached on the server, but how to change this? The apparent caching is rather annoying as I am trying to fix some issues that only occur on the proxied page.
If I hit the internal server directly and reload after a change, I always get the latest page.
I have tried a <filesMatch ...> rule for the affected pattern (using the same pattern as used in the RewriteRule in the following manner:
<filesMatch "^/?somedir/(.*)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
</filesMatch>
My rewrite rule looks like this, and comes after the filesMatch directive:
RewriteEngine On
RewriteRule ^/?somedir/(.*)$ https://internal.local.net:8000/$1 [L,P]
But this has not had any effect. I have also tried "NoCache *" but this directive causes an error as it is not allowed in an .htaccess file.
The P-flag in your RewriteRule causes the request to be proxied to the internal server using mod_proxy. mod_proxy by itself does not cache content. The caching is probably a result of mod_cache being enabled as well on the server. The settings you need to disable caching for your internal server can unfortunately only be done in server or virtual-host config. The solution would be to add what you tried to the configuration of the internal server thus telling mod_cache that it should not cache any response from your internal server:
Using .htaccess
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
or PHP
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.
Try adding this in an htaccess file in your "somedir" directory:
ExpiresActive On
ExpiresDefault "now"
We have an application that allows users to add/edit/replace/delete content (text, images, swfs, mp3s, etc). We want the admins to always have the latest updated files by using a no-cache header and when a user runs the application, everything gets/uses the cache.
I have looked into solutions and have tried using html meta tags like:
<meta http-equiv="expires" content="0" />
<meta http-equiv="cache-control" content="no-cache, no-store" />
<meta http-equiv="pragma" content="no-cache" />
But that doesn't seem to be a good solution as this happens after the headers are created and doesn't change the media (images, swfs, mp3s, etc) headers.
I wanted to use apache to set the headers and came across this code for this site:
<filesMatch "\.(html|htm|js|css)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
This seems to be a great solution, however the only real difference between when we need it cached and when it shouldn't be cached is the URL (preview.jsp vs run.jsp), so we can't match it by file type as most files are the same.
Does anyone have a good solution for this type of scenario?
Thanks.
EDIT:
Preview.jsp and run.jsp basically are the same only with different jsp and js processing. They read in the same content and media through an iframe. For example, they each look like:
<%
//Some JSP
%>
/* HTML Headers, JS, ETC */
<iframe id="contentFrame" seamless="1" src="http://somedomain.com/template.html"></iframe>
/* End HTML */
preview.jsp and run.jsp appear in the same directory and use all the same resources. I am looking for a solution to have preview.jsp not to cache anything and run.jsp to cache things.
Server is setup with Apache Tomcat.
A combination of SetEnvIf and Header might do the trick:
# Image, CSS and JavaScript requests normally contain the Referer header
# which tells apache which page is requesting the resource
# Use SetEnvIf directive to set a flag for internal uses
SetEnvIf Referer preview\.jsp force_no_cache
# Header directive optionally accepts env= argument
# If present, the directive is fired if the flag is set
Header unset ETag env=force_no_cache
# repeat for other headers
You can set up corresponding headers in your Java servlet. Apache mod_headers is mostly supposed to work for static resources, managed by Apache. While everything that is provided by application servers is managed on the AS side.
Usually, you can use Filters for this purpose. Here is an example: http://www.tidytutorials.com/2009/11/adding-headers-to-requests-in-filters.html