Skip to content

Clarify the type option of the cache interceptor #4299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
metcoder95 merged 2 commits into from
Jul 4, 2025
Merged

Clarify the type option of the cache interceptor #4299

metcoder95 merged 2 commits into from
Jul 4, 2025

Conversation

@fredericDelaporte
Copy link
Contributor

@fredericDelaporte fredericDelaporte commented Jun 26, 2025
edited
Loading

People not knowing well the HTTP cache semantic may misleadingly believe that private is a safer choice than shared. Add a bit of guidance about the effect of private.

This relates to...

The type option of the cache interceptor, so, HTTP caching of fetches done by Undici.

Rationale

The private type option of the cache interceptor causes the Undici HTTP cache to act as a private cache while in most circumstances a Node.js application will be shared between many users. This can lead to private data leakage. Furthermore people not understanding well the HTTP cache semantic may misleadingly think choosing private instead of shared is safer.

Changes

Add some guidance about the private choice.

Features

N/A

Bug Fixes

N/A

Breaking Changes and Deprecations

None

Status

@fredericDelaporte
Clarify the type option of the cache interceptor
91d425f 
People not knowing well the HTTP cache semantic may misleadingly believe that `private` is a safer choice than `shared`.
Add a bit of guidance about the effect of private.
metcoder95
metcoder95 reviewed Jun 27, 2025
View reviewed changes
fredericDelaporte
fredericDelaporte commented Jun 27, 2025
View reviewed changes
docs/docs/api/Dispatcher.md
- `methods` - The [**safe** HTTP methods](https://www.rfc-editor.org/rfc/rfc9110#section-9.2.1) to cache the response of.
- `cacheByDefault` - The default expiration time to cache responses by if they don't have an explicit expiration. If this isn't present, responses without explicit expiration will not be cached. Default `undefined`.
- `type` - The type of cache for Undici to act as. Can be `shared` or `private`. Default `shared`.
- `type` - The [type of cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#types_of_caches) for Undici to act as. Can be `shared` or `private`. Default `shared`. `private` implies privately cacheable responses will be cached and potentially shared with other users of your application.
Copy link
Contributor Author

@fredericDelaporte fredericDelaporte Jun 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Example end result:
image

mcollina
mcollina approved these changes Jul 3, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@metcoder95 metcoder95 merged commit 9c10a1c into nodejs:main Jul 4, 2025
28 of 31 checks passed
@fredericDelaporte fredericDelaporte deleted the patch-1 branch July 4, 2025 18:33
@github-actions github-actions bot mentioned this pull request Jul 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollina mcollina mcollina approved these changes

@metcoder95 metcoder95 metcoder95 approved these changes

@Ethan-Arrowood Ethan-Arrowood Ethan-Arrowood approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fredericDelaporte @mcollina @metcoder95 @Ethan-Arrowood