|
The back-end currently does not define any cache-control headers. We should be more explicit about which resources should and should not be cached, and for how long. Not caching at all can reduce client-side performance. Leaving caching implicit can also have unexpected results, because the caching decision is then left up to some intermediary network proxy.
Further, in a multi-tenant environment, we should instruct caching systems to take the x-okapi-token and x-okapi-tenant headers into consideration, to avoid inadvertently caching responses across tenants or users (with, say, fewer permissions). This can be done with the Vary header.
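The effect of the Vary header on a shared cache can be shown with a small model. This is an added example, not Okapi code: the `SharedCache` class, the `/example/records` path, and the tenant and token values are constructed for illustration, and the model ignores freshness (`max-age`) to focus on key selection.

```python
# Added example: toy model of a shared proxy cache that honours Vary.
# Not Okapi code; path, tenants and tokens below are constructed sample values.

class SharedCache:
    def __init__(self):
        self._store = {}  # url -> list of (vary, secondary_key, body)

    @staticmethod
    def _secondary_key(vary, req):
        # The request's value for every header named in the response's Vary.
        names = sorted(n.strip().lower() for n in vary.split(",") if n.strip())
        return tuple((n, req.get(n)) for n in names)

    def fetch(self, url, request_headers, origin):
        req = {k.lower(): v for k, v in request_headers.items()}
        for vary, key, body in self._store.get(url, []):
            if self._secondary_key(vary, req) == key:
                return body, "HIT"   # stored response is reused for this request
        body, resp_headers = origin(url, req)
        vary = resp_headers.get("Vary", "")
        if vary.strip() != "*":      # "Vary: *" responses are never reusable
            entry = (vary, self._secondary_key(vary, req), body)
            self._store.setdefault(url, []).append(entry)
        return body, "MISS"


def make_origin(vary):
    """Back-end stand-in whose response body depends on the calling tenant."""
    def origin(url, req):
        headers = {"Cache-Control": "max-age=60"}
        if vary:
            headers["Vary"] = vary
        return f"records for {req.get('x-okapi-tenant')}", headers
    return origin


def second_tenant_sees(vary):
    """Tenant A warms the cache, then tenant B requests the same URL."""
    cache, origin = SharedCache(), make_origin(vary)
    a = {"x-okapi-tenant": "tenant_a", "x-okapi-token": "token-a"}
    b = {"x-okapi-tenant": "tenant_b", "x-okapi-token": "token-b"}
    cache.fetch("/example/records", a, origin)
    return cache.fetch("/example/records", b, origin)


if __name__ == "__main__":
    print("no Vary:  ", second_tenant_sees(None))
    print("with Vary:", second_tenant_sees("x-okapi-tenant, x-okapi-token"))
```

Without Vary, tenant B is served tenant A's stored body; with both headers listed, each tenant and token combination gets its own cache entry.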
How and when the headers are applied needs to be worked out. Should they be applied by Okapi? Are there defaults? The module owning the resource probably has the closest knowledge of what can and should be cached, and for how long. Therefore, should modules have some say (opt-in or opt-out) in which resources have headers applied?
|