授权时绕过 FastCGI 缓存 Header
Bypass FastCGI Cache When Authorization Header
我已经在 Nginx 中为 Laravel API 应用实现了 FastCGI 缓存,但我意识到我不希望缓存 return user-related 数据的端点。我正在使用 JWT Auth,我在 header 中将令牌作为 Authorization: Bearer ... 传递,以验证用户请求。如果请求中存在此 header,我无法找到禁用 FastCGI 缓存的方法。这是我在我的 Nginx 中的内容:
fastcgi_cache_path /etc/nginx-cache levels=1:2 keys_zone=phpcache:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 600;
fastcgi_cache phpcache; # The name of the cache key-zone to use
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid 200 30s;
fastcgi_cache_methods GET HEAD; # What to cache: only GET and HEAD requests (not POST)
add_header X-Fastcgi-Cache $upstream_cache_status; # Add header so we can see if the cache hits or misses
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_hide_header X-Powered-By;
fastcgi_cache_lock on;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
include fastcgi_params;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
#Cache everything by default
set $no_cache 0;
#Don't cache the following URLs
if ($request_uri ~* "/admin/)")
{
set $no_cache 1;
}
我也已将其添加到我的 .htaccess
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
我想我明白了。我修改了这些行,现在它忽略了那些在 header:
中具有授权的请求
fastcgi_cache_bypass $no_cache $http_authorization;
fastcgi_no_cache $no_cache $http_authorization;
我已经在 Nginx 中为 Laravel API 应用实现了 FastCGI 缓存,但我意识到我不希望缓存 return user-related 数据的端点。我正在使用 JWT Auth,我在 header 中将令牌作为 Authorization: Bearer ... 传递,以验证用户请求。如果请求中存在此 header,我无法找到禁用 FastCGI 缓存的方法。这是我在我的 Nginx 中的内容:
fastcgi_cache_path /etc/nginx-cache levels=1:2 keys_zone=phpcache:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 600;
fastcgi_cache phpcache; # The name of the cache key-zone to use
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid 200 30s;
fastcgi_cache_methods GET HEAD; # What to cache: only GET and HEAD requests (not POST)
add_header X-Fastcgi-Cache $upstream_cache_status; # Add header so we can see if the cache hits or misses
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_hide_header X-Powered-By;
fastcgi_cache_lock on;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
include fastcgi_params;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
}
#Cache everything by default
set $no_cache 0;
#Don't cache the following URLs
if ($request_uri ~* "/admin/)")
{
set $no_cache 1;
}
我也已将其添加到我的 .htaccess
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
我想我明白了。我修改了这些行,现在它忽略了那些在 header:
中具有授权的请求fastcgi_cache_bypass $no_cache $http_authorization;
fastcgi_no_cache $no_cache $http_authorization;