Azure Blob SAS and Cache-Control to ensure that resources are cached

2
votes

We are serving private resources (images, files, ...) stored on an Azure Blob container.

Security is implemented using Shared Access Signatures, created for every request to the resource, e.g, two requests mean two different access tokens.

In general a secure URL is comprised of the file name and the token is passed as query string, e.g. https://myaccount.blob.core.windows.net/file.img?sv=2015-04-05&ss=bf&srt=s&st=2015-04-29T22%3A18%3A26Z&se=2015-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=F%6GRVAZ5Cdj2Pw4tgU7IlSTkWgn7bUkkAg8P6HESXwmf%4B

The response for the resources contains the Cache-Control header (Cache-Control:max-age=31536000?

Resources of type Image and Video are present in the website using a regular HTML's or elements.

Can resources served this way be cached by the browser?

Thanks everyone!

1
htmlazurecachingazure-storage-blobs
How can a HTML client cache images or videos served this way? - Do you want the HTML client (say a browser) to cache the content or not? Or is your question is whether or not the content will be cached? Please edit your question and include this. Thanks.Gaurav Mantri
Done Gaurav, I hope now it is clear that I want resources to be cached by the browser. Thank you.JCS
Possible duplicate of Instructing browser cache to ignore certain URL params, i.e. it does not seem to be possible - browsers cache based on method and URI; if you have a variable query parameter, the browser cannot retrieve it from the cache unless you use the same SAS token every time.AndreasHassing
"unless you use the same SAS token every time", indeed! But the HTTP response was still missing the required Cache Headers. Just answered the question and included a code sample.JCS

1 Answers

1
votes

It is possible to add cache headers to the Shared Access Signature.

This instructs Azure Blob to return the corresponding cache headers as part of the HTTP Response.

This is how you can do it in c#:

    var policy = new SharedAccessBlobPolicy();
    var headers = new SharedAccessBlobHeaders() { CacheControl = "max-age=" + MaxCacheAgeInDays * 24 * 60 * 60 };
    var blockBlob = _container.GetBlockBlobReference(name);

    var result = _baseUrl + blobName + blockBlob.GetSharedAccessSignature(policy, headers);

Hope this helps someone else.

PS: The same can be done for other HTTP headers.