Skip to content

fix(http): exclude caching for authenticated HTTP requests#54746

Closed
alan-agius4 wants to merge 2 commits intoangular:mainfrom
alan-agius4:http-cache-auth
Closed

fix(http): exclude caching for authenticated HTTP requests#54746
alan-agius4 wants to merge 2 commits intoangular:mainfrom
alan-agius4:http-cache-auth

Conversation

@alan-agius4
Copy link
Contributor

@alan-agius4 alan-agius4 commented Mar 7, 2024

This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer area: common/http Issues related to HTTP and HTTP Client target: patch This PR is targeted for the next patch release server: http cache labels Mar 7, 2024
@pullapprove pullapprove bot requested a review from alxhub March 7, 2024 13:03
@ngbot ngbot bot added this to the Backlog milestone Mar 7, 2024
@alan-agius4 alan-agius4 requested review from AndrewKushnir and removed request for alxhub March 7, 2024 13:04
@alan-agius4
fix(http): exclude caching for authenticated HTTP requests
dc72975 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: angular#54745
AndrewKushnir
AndrewKushnir reviewed Mar 7, 2024
View reviewed changes
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Mar 7, 2024
@atscott
Copy link
Contributor

atscott commented Mar 7, 2024

This PR was merged into the repository by commit 2258ac7.

atscott pushed a commit that referenced this pull request Mar 7, 2024
@alan-agius4 @atscott
fix(http): exclude caching for authenticated HTTP requests (#54746)
8d37ed0 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

PR Close #54746
atscott pushed a commit that referenced this pull request Mar 7, 2024
@alan-agius4 @atscott
fix(http): exclude caching for authenticated HTTP requests (#54746)
359408e 
This update modifies the transfer cache logic to prevent caching of HTTP requests that require authorization.

Closes: #54745

PR Close #54746
@atscott atscott closed this in 2258ac7 Mar 7, 2024
@alan-agius4 alan-agius4 deleted the http-cache-auth branch March 7, 2024 19:01
@robertIsaac
Copy link
Contributor

robertIsaac commented Mar 13, 2024

why this isn't marked as breaking change?
a lot of application always send authentication header no matter if the API requires it or not
now they need to handle it in the interceptor
and I think this should optional so developers can opt to it or not

@tylerstarcher
Copy link

tylerstarcher commented Mar 25, 2024

Adding to above, for enterprise level applications, a lot of API's require header authentication as a basic way to protect the API. If the request is authenticated on the server side, why prevent it from being utilized on the client side? Personally, this has crushed our use of hydration and taken away all of the goodness until it is configurable.

@tylerstarcher tylerstarcher mentioned this pull request Mar 25, 2024
Closed
@alan-agius4 alan-agius4 restored the http-cache-auth branch March 25, 2024 16:07
@alan-agius4 alan-agius4 deleted the http-cache-auth branch March 25, 2024 16:11
@AndrewKushnir AndrewKushnir mentioned this pull request Mar 25, 2024
Closed
alan-agius4 added a commit to alan-agius4/angular that referenced this pull request Mar 25, 2024
@alan-agius4
Revert "fix(http): exclude caching for authenticated HTTP requests (a…
0568ea8 
…ngular#54746)"

This reverts commit 2258ac7.

Closes: angular#55031
dylhunn pushed a commit that referenced this pull request Mar 26, 2024
@alan-agius4 @dylhunn
Revert "fix(http): exclude caching for authenticated HTTP requests (#…
8958e0b 
…54746)" (#55033)

This reverts commit 2258ac7.

Closes: #55031

PR Close #55033
dylhunn pushed a commit that referenced this pull request Mar 26, 2024
@alan-agius4 @dylhunn
Revert "fix(http): exclude caching for authenticated HTTP requests (#…
6ea5e21 
…54746)" (#55033)

This reverts commit 2258ac7.

Closes: #55031

PR Close #55033
@angular-automatic-lock-bot
Copy link

angular-automatic-lock-bot bot commented Apr 25, 2024

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Apr 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@AndrewKushnir AndrewKushnir AndrewKushnir approved these changes

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: common/http Issues related to HTTP and HTTP Client server: http cache target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

Backlog

Development

Successfully merging this pull request may close these issues.

provideClientHydration() shouldn't cache HttpClient GET requests with "Authorization" header

5 participants

@alan-agius4 @atscott @robertIsaac @tylerstarcher @AndrewKushnir