WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#39861 closed defect (bug) (invalid)

WP REST API and Caching Issue

Reported by: sckmkny Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.2
Component: REST API Keywords:
Focuses: Cc:

Description

It appears that the current implementation of the WP REST API uses the following cache control header:

cache-control:no-cache, must-revalidate, max-age=0

The problem is that some providers, e.g., SiteGround, also tack on a bogus last modified header:

last-modified:Thu, 01 Jan 1970 00:00:00 GMT

This combination causes the browser to add a "if-modified-since" header to subsequent API call and resulting with a 304 response (in this case NGINX at SiteGround). At the point, you continually get stale results from the API.

The fix is to also add a "no-store" to the API response.

Cache-Control: no-cache, no-store, must-revalidate

For reference:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

Change History (2)

#2 @joehoyle
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

@sckmkny is this for an authenticated request? We don't send no-cache headers on anonymous requests, for example:

> http https://demo.wp-api.org/wp-json/wp/v2/posts
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: GET
Cache-Control: max-age=300, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json; charset=UTF-8
Date: Sun, 26 Mar 2017 01:56:55 GMT
Last-Modified: Sun, 26 Mar 2017 01:56:55 GMT
Link: <https://demo.wp-api.org/wp-json/wp/v2/posts?page=2>; rel="next"
Server: nginx/1.4.6 (Ubuntu)

As for siteground returning the bogus last-modified, I don't know why they would be doing that but I think that might be an issue on their end.

cache-control:no-cache, must-revalidate, max-age=0 should absolutely not cause a last modified to be that, so it might be better to reach out to their support. We already send a last modified of the current date.

Going to close out, but re-open if it seems I missed something!

Note: See TracTickets for help on using tickets.