URLResponse cached although response's cache-control header is set to no-cache

0
votes

In my iOS app I want to cache images that are requested from different destinations. For downloading images I use URLSessionDataTasks with the default caching mechanism provided by URLSession.shared, which makes use of the NSURLRequestUseProtocolCachePolicy.

The caching works basically fine. Responses are being cached and cache headers like etag and cache-control "max-age" are correctly being handled. But if the server responds with the cache-control header set to "no-cache", the URLCache of the URLSession is still caching the image. I can access the cached response via URLCache.shared.cachedResponse(for: request) and also a new data task with the same request will return time image from the cache (which I validated by using Charles proxy and I'm not seeing the request I am awaiting).

Why isn't it correctly handling the respond's cache header? Do I need to manually check the respond's cache headers?

1
ioscachingnsurlsessionno-cache

1 Answers

0
votes

The no-cache directive doesn't mean "don't store it in the cache". Rather it instructs the cache not to serve a cached response without validating with the server first. The RFC7234 specification says the following regarding the no-cache directive.

The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.

If the no-cache response directive specifies one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, any header fields in the response that have the field-name(s) listed MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response.

So what will happen is that for "fresh" responses with the no-cache directive, a conditional request will be sent to verify whether the stored response can be used. If the response is still valid, the server will send a 304 - Not Modified response. Upon receiving the 304 response, the cache will serve the stored response with the no-cache directive. If the stored response is no longer valid, the server will send a new response.