Description
I want an easy way to customize (or remove) the "Cache-Control" header.
Symfony always provides a "Cache-Control" header with the following default: "Cache-Control: no-cache, private".
I think this is coming from here => ResponseHeaderBag.php:computeCacheControlValue()
We had a security audit and they recommend using "Cache-Control: no-cache, no-store, must-revalidate".
To solve this I wrote a Subscriber (ResponseEvent::class => ['onKernelResponse']) that just sets this header.
Normally I would set this header in our nginx.conf like this: add_header Cache-Control "no-cache, no-store, must-revalidate" always;
but then nginx just adds the header and the response has "Cache-Control" two times.
Example
Something like this would be nice:
framework.yml

```yaml
framework:
    secret: '%env(APP_SECRET)%'
    cache_control: false # or 'no-cache, no-store, must-revalidate, private'
    # [.....]
```
Relates to:
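
The subscriber workaround described in the issue could look like the following. This is an added example, not code from the issue author or from Symfony; the namespace and class name are hypothetical, and `isMainRequest()` assumes Symfony 5.3 or later.

```php
<?php
// Added example: applies the audit's Cache-Control value to every main response.
// Namespace and class name are hypothetical.

declare(strict_types=1);

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class CacheControlSubscriber implements EventSubscriberInterface
{
    // Value recommended by the security audit quoted in the issue.
    private const POLICY = 'no-cache, no-store, must-revalidate';

    public static function getSubscribedEvents(): array
    {
        // kernel.response fires after the controller has built the response.
        return [KernelEvents::RESPONSE => 'onKernelResponse'];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        // Sub-requests (fragments, forwards) end up inside the main
        // response, so only the main response needs the header.
        if (!$event->isMainRequest()) {
            return;
        }

        // set() replaces the current value, so the client receives a single
        // Cache-Control header, unlike the nginx add_header approach above.
        // ResponseHeaderBag recomputes the value and adds "private" when
        // neither "public" nor "private" is present.
        $event->getResponse()->headers->set('Cache-Control', self::POLICY);
    }
}
```

With default service autoconfiguration the class is registered as a subscriber automatically; checking the result with `curl -I` against one route confirms that only one `Cache-Control` header is sent.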