
[HttpFoundation] Easy customizable "Cache-Control"  #36109

@thedomeffm

Description

I want an easy way to customize (or remove) the "Cache-Control" header.
Symfony always provides a "Cache-Control" header with the following default: "Cache-Control: no-cache, private".
I think this is coming from here => ResponseHeaderBag.php:computeCacheControlValue()

We had a security audit and they recommend using "Cache-Control: no-cache, no-store, must-revalidate".

To solve this I wrote a Subscriber (ResponseEvent::class => ['onKernelResponse']) that just sets this header.

Normally I would set this header in our nginx.conf like this: add_header Cache-Control "no-cache, no-store, must-revalidate" always; but then nginx just adds the header and the response has "Cache-Control" two times.


Example
Something like this would be nice:
framework.yml

framework:
    secret: '%env(APP_SECRET)%'
    cache_control: false # or 'no-cache, no-store, must-revalidate, private'
    # [.....]

Relates to:
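
Added example, not code from the issue or from Symfony: a sketch of the subscriber workaround described above, which sets the audited "Cache-Control" value on every main-request response. The class name, namespace, and the rule that responses explicitly marked `public` or carrying `s-maxage` are left alone are assumptions made for illustration.

```php
<?php
// Added example: hypothetical class name and namespace, not from the issue.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class CacheControlSubscriber implements EventSubscriberInterface
{
    // Value recommended by the audit quoted in the issue.
    private const POLICY = 'no-cache, no-store, must-revalidate';

    public static function getSubscribedEvents(): array
    {
        return [KernelEvents::RESPONSE => 'onKernelResponse'];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        // Sub-requests (fragments, forwards) are merged into the main
        // response, so only the main response needs the header.
        // isMainRequest() exists since Symfony 5.3; earlier versions
        // name the same check isMasterRequest().
        if (!$event->isMainRequest()) {
            return;
        }

        $headers = $event->getResponse()->headers;

        // Assumption: a controller that deliberately opted into shared
        // caching keeps its own policy instead of being overwritten.
        if ($headers->hasCacheControlDirective('public')
            || $headers->hasCacheControlDirective('s-maxage')) {
            return;
        }

        // set() replaces the framework default ("no-cache, private")
        // rather than adding a second header. ResponseHeaderBag
        // recomputes the value on set(), so the emitted header can be
        // reordered and gain "private".
        $headers->set('Cache-Control', self::POLICY);
    }
}
```

With the header set in the application, the nginx `add_header Cache-Control ...` line has to be dropped, otherwise the response carries the header twice as described in the issue.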
