- 新しい順
- 投票が多い順
- コメントが多い順
Hi there,
Setting Cache-Control:private does not preventing caching of an error response, the private response directive indicates that the response can be stored only in a private cache and not in shared caches such as CloudFront/CDN.
This is how CloudFront behaves with cache-control:private, If CloudFront gets an object from the origin that includes the Cache-Control: no-cache, no-store, and/or private directives, and then later CloudFront gets another viewer request for the same object, CloudFront tries to contact the origin to fulfill the viewer request.
You also asked if private information in your other response headers might be seen by others, yes it can. If your response contain cache-control private then CloudFront will not cache as per the doc but the files will be publicly accessible as the directive private is specific to caching. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html
A workaround to ensure that the error response is not cached is to configure a dummy error page on CloudFront and then set a TTL of 0seconds. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html
関連するコンテンツ
AWS公式更新しました 2年前
