Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

cache-headers

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

cache-headers

Generate browser and cdn cache header values

  • 1.1.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
18
increased by350%
Maintainers
1
Weekly downloads
 
Created
Source

Cache Headers

Create cache headers as application-level or route-level middleware. This has only been tested as middleware for an express app. The primary cache header set is the Cache-Control header value. All time values are set as seconds per the w3 spec.

This package is developed using ES6 and transpiled with babel. It is also using the 1stdibs eslint rules.

Installation

$ yarn add cache-headers
// with npm 
$ npm install --save cache-headers

Tests

$ yarn
$ yarn test
// with npm
$ npm install
$ npm test

Usage

App-level setup middleware

const express = require('express');
const app = express();
const cache = require('cache-headers');
const pathsConfig = {
    paths: {
        '/**/generic': {
            staleRevalidate: 'ONE_HOUR',
            staleError: 'ONE_HOUR'
        },
        '/default/values': {},
        '/user/route': false,
        '/**': 60
    }
};

// some other middleware

app.use(cache.setupInitialCacheHeaders(pathsConfig));

// rest of app setup

With the example above, the Cache-Control header is set as follows when a user hits these different site routes:

  • /**/generic (any route ending in generic)
    • Cache-Control: no-cache, no-store, must-revalidate, stale-while-revalidate=3600, stale-if-error=3600
    • Surrogate-Control: maxAge=600
  • /default/values
    • Cache-Control: no-cache, no-store, must-revalidate
    • Surrogate-Control: maxAge=600
  • /user/route
    • Cache-Control: private, no-cache, no-store, must-revalidate
    • Surrogate-Control: maxAge=0
    • Last-Modified: (NOW)
  • /** (any other route not listed)
    • Cache-Control: no-cache, no-store, must-revalidate
    • Surrogate-Control: maxAge=60

Router-level middleware

Taking the app-level setup above, you can additionally override the default pathsConfig initially set.

const express = require('express');
const router = express.Router();
const cache = require('cache-headers');
const overrideConfig = {
    "maxAge": 2000
};

// app.use(cache.setupInitialCacheHeaders(pathsConfig)) is loaded prior to this route, therefore running by default
// and any subsequent call to set the header is then overwritten

router.get('/endswith/generic', cache.overrideCacheHeaders(overrideConfig), (req, res, next) => {
    // do route-y stuff
    next();
});

Rather than set the original headers defined in the pathsConfig config in the app-level setup (for the /**/generic path), this will output the following:

Cache-Control: no-cache, no-store, must-revalidate
Surrogate-Control: maxAge=2000

API

cache.setupInitialCacheHeaders(pathsConfig)

{
    '/glob/**/path': object|string|boolean=false
}

The following are acceptable keys to use if an object is passed in

keytypedescriptiondefault
lastModifiedstringset Last-Modified Header
maxAgestring, numbernumber or string representing a number for Surrogate-Control: max-age (forced to 0 if setPrivate=true)TEN_MINUTES (600 seconds)
setPrivatebooleanshould add Cache-Control: private (if set to true forces Surrogate-Control: maxAge=0 and Last-Modified: (NOW))false
staleErrorstring, numbernumber or string representing a number for Cache-Control: stale-if-error
staleRevalidatestring, numbernumber or string representing a number for Cache-Control: stale-while-revalidate

The following are acceptable values to use if a string is passed in for cache values:

  • 'ONE_MINUTE'
  • 'TEN_MINUTES'
  • 'ONE_HOUR'
  • 'ONE_DAY'
  • 'ONE_WEEK'
  • 'ONE_MONTH'
  • 'ONE_YEAR'

The following are acceptable values to use if a boolean is passed in

  • false - this is equivalent to passing { setPrivate: true, maxAge: 0 }

If no options are passed in, the default value set is

Cache-Control: no-cache, no-store, must-revalidate
Surrogate-Control: max-age=600

cache.overrideCacheHeaders(overrideConfig)

{
    lastModified: string,
    maxAge: number|string,
    setPrivate: boolean,
    staleError: number|string,
    staleRevalidate: number|string
}
keytypedescriptiondefault
lastModifiedstringset Last-Modified Header
maxAgestring, numbernumber or string representing a number for Surrogate-Control: max-age (forced to 0 if setPrivate=true)TEN_MINUTES (600 seconds)
setPrivatebooleanshould add Cache-Control: private (if set to true forces Surrogate-Control: maxAge=0 and Last-Modified: (NOW))false
staleErrorstring, numbernumber or string representing a number for Cache-Control: stale-if-error
staleRevalidatestring, numbernumber or string representing a number for Cache-Control: stale-while-revalidate

Recipes

Private Pages

Options for pages that are intended for a single user and should not be cached.

{
    setPrivate: true    
}

Headers Output:

'Cache-Control': 'private, no-cache, no-store, must-revalidate'
'Surrogate-Control': 'maxAge=0'
'Pragma': 'no-cache'
'Expires': 0
'Last-Modified': (NOW)
Browser/Server Cached Pages

Options for pages that are intended for all users and should be cached in both the browser and the server.

{
    maxAge: 'ONE_WEEK',                             // cache on server
    staleError: 'ONE_MONTH',                        // cache on browser if server returns error
    staleRevalidate: 'TEN_MINUTES',                 // cache on browser for 10 min
    lastModified: 'Fri, 23 Jun 2017 14:35:44 GMT'   // some deployTime from a versionReport
}

Headers Output:

'Cache-Control': 'no-cache, no-store, must-revalidate, stale-while-revalidate=600, stale-if-error=2592000'
'Surrogate-Control': 'maxAge=604800'
'Pragma': 'no-cache'
'Expires': 0
'Last-Modified': 'Fri, 23 Jun 2017 14:35:44 GMT'

Additional notes on header use / specification

  • Cache-Control
    • private - response intended for single user and should not be cached
    • no-cache, no-store, must-revalidate - turns off browser caching
    • stale-while-revalidate={seconds} - use stale version for up to {seconds} while re-fetching latest version background
    • stale-if-error={seconds} - use stale version if re-fetch fails within {seconds} of response becoming stale
  • Surrogate-Control
    • takes priority over Cache-Control, but is stripped so browsers don't see it
    • max-age={seconds} - how long the response can be considered fresh

(For more information on Surrogate-Control/Cache-Control headers read Fastly Cache Control Tutorials and W3 Specification.)

Contributing

All code additions and bugfixes must be accompanied by unit tests. Tests are run with jest and written with the node assert module.

Acknowledgement

A portion of this code was taken from this cache-control package/repo.

Keywords

FAQs

Package last updated on 29 Jun 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

Security News

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.

By Sarah Gooding  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc