0
votes

I have generated an Azure Storage Shared Access Signature based on a Blob specific Stored Access Policy through Storage Explorer and have tested the generated URI in both Firefox and Chrome.

However, if I delete the SAP and/or regenerate the Storage Account Key, I can still access the Blob through that browser using the previous SAS.

Although clearing the Cached Web Content (or Chrome equivalent) resolves the issue, I thought that deleting the SAP would immediately prevent further access (I only tried regenerating the key as a last resort and even that didn't work).

Is anyone aware of a way that I can prevent this browser caching of the SAS, as it seems like a security issue to me?

1
Can you try to set the blob property CacheControl to max-age=0? - Ivan Yang
Thanks Ivan, cannot find a way to edit Blob Properties either through the Portal or the Storage Explorer - other posts seem to point in the direction of serving via a CDN which allows greater control - but I was hoping to avoid that (or having to generate the SAS programmatically) - davesaway
In Storage Explorer, right-click the blob -> then in the context menu, select Properties -> then scroll to CacheControl. - Ivan Yang
perfect - thanks - it looks like your response is a comment rather than an answer though - so I can't formally "accept" it - davesaway
I added it as an answer:) - Ivan Yang

1 Answer

1
votes

Please try to set the blob property CacheControl to max-age=0 or no-cache.

In Storage Explorer, right-click the blob -> then in the context menu, select Properties -> then scroll to CacheControl.
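
Why the deleted policy seemed to have no effect, as an added example that is not part of the original answer: a simplified model of the HTTP cache freshness decision (RFC 9111) a browser makes before it sends any request. The 10% heuristic lifetime is an assumption about the browser (it is the typical value the RFC mentions), `Expires` is not modelled, and the dates are constructed sample values.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split a Cache-Control header into a {directive: argument-or-None} dict."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def reusable_without_revalidation(headers, stored_at, now):
    """True if a cache may serve the stored response without asking the server.

    Only when this is False does the request reach the storage service,
    which is where the SAS and its stored access policy are evaluated again.
    """
    cc = parse_cache_control(headers.get("Cache-Control"))
    age = (now - stored_at).total_seconds()
    if "no-store" in cc or "no-cache" in cc:
        return False
    if cc.get("max-age") is not None:
        return age < int(cc["max-age"])
    if "Last-Modified" in headers:
        # No explicit lifetime: heuristic freshness (RFC 9111 section 4.2.2),
        # modelled here as 10% of the time since Last-Modified (assumption).
        modified = parsedate_to_datetime(headers["Last-Modified"])
        return age < 0.1 * (stored_at - modified).total_seconds()
    return False


# Constructed sample: blob modified 10 days before the browser first fetched it,
# then requested again one hour later (after the access policy was deleted).
STORED_AT = datetime(2024, 1, 11, 12, 0, tzinfo=timezone.utc)
BASE = {"Last-Modified": "Mon, 01 Jan 2024 12:00:00 GMT"}
LATER = STORED_AT + timedelta(hours=1)


def demo():
    """Map each CacheControl setting to 'served from cache without a request?'."""
    settings = {"(unset)": BASE,
                "max-age=0": {**BASE, "Cache-Control": "max-age=0"},
                "no-cache": {**BASE, "Cache-Control": "no-cache"}}
    return {k: reusable_without_revalidation(h, STORED_AT, LATER)
            for k, h in settings.items()}
```

With CacheControl unset the model reuses the cached copy for up to a day, so the revoked SAS is never presented to the service; with `max-age=0` or `no-cache` every access goes back to the service first.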