A header for Keycloak: Cache-control: no-cache, no-store

RChepurkin · December 16, 2021, 9:18am

Hi. We recently find out that some keycloak URLs have header “cache-control: no-cache”:
For example:
Request to https://<keycloak.domain>/auth/admin/master/console/ we have cache-control: no-cache

Question:

Can we set the next settings for all keycloak headers “cache-control: no-cache, no-store”? After the changes will keycloak work properly?

Thanks.

yalpertem · October 25, 2022, 3:28pm

I’m trying to set the headers manually by implementing ContainerResponseFilter interface. I can set pragma and expires. But the cache-control header is overridden somewhere else. Even if I set it, I get cache-control: no-cache in the browser for /realms/myrealm/account/.

Simple example:

@Provider
public class ResponseCacheFilter implements ContainerResponseFilter {

	@Override
	public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
		String requestPath = requestContext.getUriInfo().getPath();
		if (requestPath.contains("/account/")) {
			responseContext.getHeaders().add("Cache-Control", "no-cache, no-store, must-revalidate");
			responseContext.getHeaders().add("Pragma", "no-cache");
			responseContext.getHeaders().add("Expires", "0");
		}
	}
}

Topic		Replies	Views
When does keycloak set headers?	0	275	March 14, 2023
Update Http-Security Headers on Keycloak Configuring the server authentication	0	1090	August 3, 2022
Header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’	0	588	May 27, 2020
Referer Header missing (was there in keycloak 4.7.0Final)	1	1433	April 23, 2021
Missing CORS Header Problem Getting advice	1	518	August 17, 2022

A header for Keycloak: Cache-control: no-cache, no-store

Related Topics