ezelkow1 opened a new issue #7227: URL: https://github.com/apache/trafficserver/issues/7227
Testing for some issues I came across this problem, according to the RFC: https://tools.ietf.org/html/rfc7234#section-3.2

> 3.2. Storing Responses to Authenticated Requests
>
> A shared cache MUST NOT use a cached response to a request with an Authorization header field (Section 4.2 of [RFC7235]) to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.
>
> In this specification, the following Cache-Control response directives (Section 5.2.2) have such an effect: must-revalidate, public, and s-maxage.

I tested here having s-maxage on a cached object, then sent requests with an auth header and it would always go upstream for the request as long as an auth header was attached. The only way to cache them was with the addition of `public` to the CC header.

This was with 8.1.x
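Added example (not part of the issue and not Traffic Server code): a Python sketch of the RFC 7234 section 3.2 check quoted above, next to a model of the behaviour the reporter describes, where only `public` is honoured. The function names and sample headers are constructed for illustration, and other storage rules such as `no-store` and `private` are out of scope.

```python
# Constructed illustration of RFC 7234 section 3.2 for a shared cache.
# Not Traffic Server code; all names and sample headers are hypothetical.

# Response directives that section 3.2 lists as allowing a shared cache to
# reuse a response to a request that carried an Authorization header.
AUTH_OVERRIDES = {"must-revalidate", "public", "s-maxage"}


def parse_cache_control(value):
    """Return {directive: argument or None} with lower-cased names.

    Simplified: splits on commas, so quoted arguments that themselves
    contain commas are not handled.
    """
    directives = {}
    for part in value.split(","):
        name, sep, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def _allowed(request_headers, response_headers, overrides):
    req = {k.lower() for k in request_headers}
    if "authorization" not in req:
        return True  # section 3.2 only constrains authenticated requests
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))
    return any(d in cc for d in overrides)


def rfc_may_reuse(request_headers, response_headers):
    """Section 3.2 as written: any of the three directives is enough."""
    return _allowed(request_headers, response_headers, AUTH_OVERRIDES)


def reported_may_reuse(request_headers, response_headers):
    """Model of the behaviour described in the issue: only `public` counts."""
    return _allowed(request_headers, response_headers, {"public"})


def compare(cache_control, authenticated=True):
    """Return (rfc_result, reported_result) for one constructed exchange."""
    req = {"Authorization": "Bearer constructed-token"} if authenticated else {}
    resp = {"Cache-Control": cache_control}
    return rfc_may_reuse(req, resp), reported_may_reuse(req, resp)


if __name__ == "__main__":
    for cc in ("s-maxage=60", "Must-Revalidate", "public, max-age=60", "max-age=60"):
        print(f"{cc!r}: rfc/reported = {compare(cc)}")
```

The rows where the two results differ (`s-maxage` or `must-revalidate` without `public`) are the ones worth covering in a regression test for this issue.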