
Caching proxy with authenticated REST requests

Consider the following scenario:

  • I have a RESTful URL /articles that returns a list of articles
  • the user provides his credentials using the Authorization HTTP header on each request
  • articles may vary from user to user based on his privileges

Is it possible to use a caching proxy, like Squid, for this scenario? The proxy will see only the URL /articles, so it may return a list of articles valid only for the first user that generates the cache. Other users requesting the URL /articles can see articles they don't have access to, which is not desirable of course.

Should I roll my own cache, or can some caching proxy software be configured to base its cache on the Authorization HTTP header?

Peter asked Nov 09 '09 11:11



1 Answer

One possibility to try is using the Vary: Authorization response header to instruct downstream caches to be careful about caching by varying the cached documents based on the request's Authorization header.

You may already be using this header if you use response-compression. The user generally requests a resource with the header Accept-Encoding: gzip, deflate; if the server is configured to support compression, then the response might come with the headers Content-Encoding: gzip and Vary: Accept-Encoding already.

yfeldblum answered Nov 14 '22 13:11
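The cache-key behaviour the answer describes, as an added example (not part of the original answer, and not Squid's code): a toy shared cache that selects stored responses by the request headers named in Vary. `ARTICLES`, `origin`, `SharedCache`, `run` and the tokens are constructed for illustration.

```python
# Added example: toy shared cache that honours the Vary response header.
# All names and tokens are hypothetical; header names are matched case-sensitively
# here for brevity (real HTTP header names are case-insensitive).

ARTICLES = {  # constructed sample data: credentials -> articles that user may read
    "Bearer alice-token": ["public-post", "alice-draft"],
    "Bearer bob-token": ["public-post"],
}

def origin(path, headers, send_vary):
    """Origin server for /articles: the body depends on the Authorization header."""
    body = ARTICLES.get(headers.get("Authorization"), [])
    resp_headers = {"Cache-Control": "public, max-age=60"}
    if send_vary:
        resp_headers["Vary"] = "Authorization"
    return {"headers": resp_headers, "body": body}

class SharedCache:
    """Keeps several variants per URL. A variant is reusable only when every
    request header named in its Vary list equals the value that created it."""
    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.store = {}  # path -> list of (selecting request headers, response)
        self.hits = 0

    def get(self, path, headers):
        for selected, resp in self.store.get(path, []):
            # With no Vary header, 'selected' is empty and any request matches.
            if all(headers.get(n) == v for n, v in selected.items()):
                self.hits += 1
                return resp["body"]
        resp = origin(path, headers, self.send_vary)
        vary = resp["headers"].get("Vary", "")
        names = [n.strip() for n in vary.split(",") if n.strip()]
        selected = {n: headers.get(n) for n in names}
        self.store.setdefault(path, []).append((selected, resp))
        return resp["body"]

def run(send_vary):
    """Alice, then Bob, then Alice again request /articles through one cache."""
    cache = SharedCache(send_vary)
    alice = cache.get("/articles", {"Authorization": "Bearer alice-token"})
    bob = cache.get("/articles", {"Authorization": "Bearer bob-token"})
    alice_again = cache.get("/articles", {"Authorization": "Bearer alice-token"})
    return alice, bob, alice_again, cache.hits
```

`run(False)` returns Alice's list for Bob's request, while `run(True)` keeps the two variants apart and still serves Alice's repeat request from cache. Under RFC 9111 a shared cache reuses a response to a request carrying Authorization only if the response explicitly allows it (`public`, `s-maxage` or `must-revalidate`), which is why the toy origin sends `Cache-Control: public`.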