Menu
I am not so good in Java + Spring, but I'd like to add Cache-Control header to my ResponseEntity.
@RequestMapping(value = "/data/{id}", method = GET")
public ResponseEntity<String> getData(@PathVariable("id") String id) {
try {
...
HttpHeaders headers = new HttpHeaders();
headers.setCacheControl("max-age=600");
return new ResponseEntity<String>(body, headers, HttpStatus.OK);
}
}
I added two lines of code for HttpHeaders and now I get two Cache-Control headers in my response:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Cache-Control: max-age=600
Content-Type: application/json;charset=UTF-8
Content-Length: 18223
Date: Wed, 29 Jun 2016 21:56:57 GMT
What did I do wrong?
428
If we want to set headers on single responses, we can use HttpServletResponse or ResponseEntity objects. In contrast, if our objective is to add a filter to all or multiple responses, we'll need to configure a Filter.
We can enable caching in the Spring Boot application by using the annotation @EnableCaching. It is defined in org. springframework. cache.
public class CacheControl extends Object. A builder for creating "Cache-Control" HTTP response headers. Adding Cache-Control directives to HTTP responses can significantly improve the client experience when interacting with a web application.
Just add the following to your application.properties:
security.headers.cache=false
As Spring Security documentation states:
Spring Security allows users to easily inject the default security headers to assist in protecting their application. The default for Spring Security is to include the following headers:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
now I get 2 CacheControl headers in my response
One of them is provided by Spring Security. If you don't like them, you can disable the default Cache-Control headers in your WebSecurityConfigurerAdapter:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// Other configurations
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// Other configurations
.headers()
.cacheControl().disable();
}
}
Since you're using Spring Boot, you can achieve the same using the security.headers.* properties. In order to disable that default Cache-Control header, just add the following to your application.properties:
security.headers.cache=false
Also, more idiomatic way of adding Cache-Control headers is to use the new cacheControl builder:
ResponseEntity.ok()
.cacheControl(CacheControl.maxAge(600, TimeUnit.SECONDS))
.body(body);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
