Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Prevent Google Chrome from sending Sec-Fetch headers

I would like to cache static content (index.html) in my web API 2 (net. framework 4.6.2 app)

I wrote OWIN middleware that adds a cache-control header to the response, allowing for subsequent requests to be retrieved from the browser cache.

The OWIN context extension:

public static class BrowserCacheOwinContextExtensions {
  public static IOwinContext SetCacheControlHeader(this IOwinContext context, int maxAge) {
    context.Response.Headers["Cache-Control"] = $"public, max-age={maxAge}";
    context.Response.Headers["Vary"] = "User-Agent";
        
    return context;
  } 
}

Snippet from middleware:

if (browserCacheOptions.IsEnable) {
  context.SetCacheControlHeader(browserCacheOptions.MaxAge);
}

await context.Response.WriteAsync(file);

It works fine in the Mozilla browser but doesn't in Chrome.

Snippet from Mozilla:

enter image description here enter image description here

I believe the root cause of this is that Chrome adds additional Sec-Fetch headers + cache-control: max-age=0 to the request automatically.

enter image description here

Automatically added Sec-Fetch headers by Chrome:

enter image description here enter image description here

Note: if open the same request at separate browser tab it works fine ever for Chrome (no sec-fetch headers in request)

Q: Is it possible to somehow disable such behaviour and don't add sec-fetch headers automatically to the request?

Or if you have other proposals, please do share them.

like image 530
AllmanTool Avatar asked Nov 15 '22 11:11

AllmanTool


1 Answers

You cannot modify the sec- as it is in forbidden headers list. This basically a list of headers that cannot be modified using the client side scripting.

like image 50
ladecruze Avatar answered Dec 09 '22 17:12

ladecruze