Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(http): exclude caching for authenticated HTTP requests #54746

Closed
wants to merge 2 commits into from
Closed

fix(http): exclude caching for authenticated HTTP requests #54746

wants to merge 2 commits into from

Conversation

alan-agius4
Copy link
Contributor

This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer area: common/http Issues related to HTTP and HTTP Client target: patch This PR is targeted for the next patch release server: http cache labels Mar 7, 2024
@pullapprove pullapprove bot requested a review from alxhub March 7, 2024 13:03
@ngbot ngbot bot added this to the Backlog milestone Mar 7, 2024
@alan-agius4 alan-agius4 requested review from AndrewKushnir and removed request for alxhub March 7, 2024 13:04
@alan-agius4
fix(http): exclude caching for authenticated HTTP requests
dc72975 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: angular#54745
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Mar 7, 2024
@atscott
Copy link
Contributor

atscott commented Mar 7, 2024

This PR was merged into the repository by commit 2258ac7.

atscott pushed a commit that referenced this pull request Mar 7, 2024
@alan-agius4 @atscott
fix(http): exclude caching for authenticated HTTP requests (#54746)
8d37ed0 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

PR Close #54746
atscott pushed a commit that referenced this pull request Mar 7, 2024
@alan-agius4 @atscott
fix(http): exclude caching for authenticated HTTP requests (#54746)
359408e 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

PR Close #54746
@atscott atscott closed this in 2258ac7 Mar 7, 2024
@alan-agius4 alan-agius4 deleted the http-cache-auth branch March 7, 2024 19:01
@robertIsaac
Copy link
Contributor

why this isn't marked as breaking change?
a lot of application always send authentication header no matter if the API requires it or not
now they need to handle it in the interceptor
and I think this should optional so developers can opt to it or not

@tylerstarcher
Copy link

Adding to above, for enterprise level applications, a lot of API's require header authentication as a basic way to protect the API. If the request is authenticated on the server side, why prevent it from being utilized on the client side? Personally, this has crushed our use of hydration and taken away all of the goodness until it is configurable.

@tylerstarcher tylerstarcher mentioned this pull request Mar 25, 2024
Closed
@alan-agius4 alan-agius4 restored the http-cache-auth branch March 25, 2024 16:07
@alan-agius4 alan-agius4 deleted the http-cache-auth branch March 25, 2024 16:11
alan-agius4 added a commit to alan-agius4/angular that referenced this pull request Mar 25, 2024
@alan-agius4
Revert "fix(http): exclude caching for authenticated HTTP requests (a…
9efec5a 
…ngular#54746)"

This reverts commit 2258ac7.

Closes: angular#55031
alan-agius4 added a commit to alan-agius4/angular that referenced this pull request Mar 25, 2024
@alan-agius4
Revert "fix(http): exclude caching for authenticated HTTP requests (a…
07e93b2 
…ngular#54746)"

This reverts commit 2258ac7.

Closes: angular#55031
@AndrewKushnir AndrewKushnir mentioned this pull request Mar 25, 2024
Closed
alan-agius4 added a commit to alan-agius4/angular that referenced this pull request Mar 25, 2024
@alan-agius4
Revert "fix(http): exclude caching for authenticated HTTP requests (a…
0568ea8 
…ngular#54746)"

This reverts commit 2258ac7.

Closes: angular#55031
dylhunn pushed a commit that referenced this pull request Mar 26, 2024
@alan-agius4 @dylhunn
Revert "fix(http): exclude caching for authenticated HTTP requests (#…
8958e0b 
…54746)" (#55033)

This reverts commit 2258ac7.

Closes: #55031

PR Close #55033
dylhunn pushed a commit that referenced this pull request Mar 26, 2024
@alan-agius4 @dylhunn
Revert "fix(http): exclude caching for authenticated HTTP requests (#…
6ea5e21 
…54746)" (#55033)

This reverts commit 2258ac7.

Closes: #55031

PR Close #55033
ilirbeqirii pushed a commit to ilirbeqirii/angular that referenced this pull request Apr 6, 2024
@alan-agius4 @ilirbeqirii
Revert "fix(http): exclude caching for authenticated HTTP requests (a…
c349d6c 
…ngular#54746)" (angular#55033)

This reverts commit 2258ac7.

Closes: angular#55031

PR Close angular#55033
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Apr 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AndrewKushnir AndrewKushnir AndrewKushnir approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: common/http Issues related to HTTP and HTTP Client server: http cache target: patch This PR is targeted for the next patch release
Projects
None yet
Milestone
Backlog
Development

Successfully merging this pull request may close these issues.

provideClientHydration() shouldn't cache HttpClient GET requests with "Authorization" header
5 participants
@alan-agius4 @atscott @robertIsaac @tylerstarcher @AndrewKushnir