Currently there is no good way to set
Cache-Control: no-store in Rails
applications. One of the top StackOverflow answers currently suggests
putting it directly into header set.
Unfortunately, it cannot later be overridden in specific/individual actions by
expires_in 5.minutes. Resulting header in that case is
Cache-Control: max-age=300, private, no-store (which doesn’t make much sense).
What’s the use of it
- To prevent rendering stale content if browser return button is used (‘expires_now’ does not help).
- To prevent browser disk cache being used. In some situations it’s considered a privacy/security risk.
Gave it a quick go and currently have this: Comparing master...cache-control-no-store · tadas-s/rails · GitHub
Not exactly elegant, mostly because I want to be able to override
expires_now/in/etc and vice versa. E.g. when there’s a controller/app wide default set in
before_action, but some specific controller actions need to override it.
Any thoughts? Is this something worth considering for Rails core?
- Mozilla developer docs for Cache-Control header.
- Somewhat similar conversation mentioning no-store in PR 19556 which didn’t go anywhere. Couldn’t find any more examples / discussion about this.
Many Thanks, Tadas