* @see https://www.rfc-editor.org/rfc/rfc9111.html#name-storing-responses-to-authen * * @param {import('../../types/cache-interceptor.d.ts').default.CacheOptions['type']} cacheType * @param {number} statusCode * @param {import('../../types/header.d.ts').IncomingHttpHeaders} resHeaders * @param
(cacheType, statusCode, resHeaders, cacheControlDirectives, reqHeaders)
| 344 | * @param {import('../../types/header.d.ts').IncomingHttpHeaders} [reqHeaders] |
| 345 | */ |
| 346 | function canCacheResponse (cacheType, statusCode, resHeaders, cacheControlDirectives, reqHeaders) { |
| 347 | // Status code must be final and understood. |
| 348 | if (statusCode < 200 || NOT_UNDERSTOOD_STATUS_CODES.includes(statusCode)) { |
| 349 | return false |
| 350 | } |
| 351 | // Responses with neither status codes that are heuristically cacheable, nor "explicit enough" caching |
| 352 | // directives, are not cacheable. "Explicit enough": see https://www.rfc-editor.org/rfc/rfc9111.html#section-3 |
| 353 | if (!HEURISTICALLY_CACHEABLE_STATUS_CODES.includes(statusCode) && !resHeaders['expires'] && |
| 354 | !cacheControlDirectives.public && |
| 355 | cacheControlDirectives['max-age'] === undefined && |
| 356 | // RFC 9111: a private response directive, if the cache is not shared |
| 357 | !(cacheControlDirectives.private && cacheType === 'private') && |
| 358 | !(cacheControlDirectives['s-maxage'] !== undefined && cacheType === 'shared') |
| 359 | ) { |
| 360 | return false |
| 361 | } |
| 362 | |
| 363 | if (cacheControlDirectives['no-store']) { |
| 364 | return false |
| 365 | } |
| 366 | |
| 367 | if (cacheType === 'shared' && cacheControlDirectives.private === true) { |
| 368 | return false |
| 369 | } |
| 370 | |
| 371 | // https://www.rfc-editor.org/rfc/rfc9111.html#section-4.1-5 |
| 372 | if (resHeaders.vary?.includes('*')) { |
| 373 | return false |
| 374 | } |
| 375 | |
| 376 | // https://www.rfc-editor.org/rfc/rfc9111.html#name-storing-responses-to-authen |
| 377 | if (reqHeaders?.authorization) { |
| 378 | if ( |
| 379 | !cacheControlDirectives.public && |
| 380 | !cacheControlDirectives['s-maxage'] && |
| 381 | !cacheControlDirectives['must-revalidate'] |
| 382 | ) { |
| 383 | return false |
| 384 | } |
| 385 | |
| 386 | if (typeof reqHeaders.authorization !== 'string') { |
| 387 | return false |
| 388 | } |
| 389 | |
| 390 | if ( |
| 391 | Array.isArray(cacheControlDirectives['no-cache']) && |
| 392 | cacheControlDirectives['no-cache'].includes('authorization') |
| 393 | ) { |
| 394 | return false |
| 395 | } |
| 396 | |
| 397 | if ( |
| 398 | Array.isArray(cacheControlDirectives['private']) && |
| 399 | cacheControlDirectives['private'].includes('authorization') |
| 400 | ) { |
| 401 | return false |
| 402 | } |
| 403 | } |