Problem/Motivation

The max-age directive applies to every cache (browser and reverse proxy) whereas s-maxage applies only to shared caches (reverse proxy).
This is usually not a problem when using a reverse proxy like Varnish because you can remove the max-age from the response before the browser gets it.

However, if for some reason the response header is not altered before the browser receives it, it will get the max-age directive and will keep the page in its cache for up to a year.
This is a problem because then there is no way for the server to invalidate the browser cache.

(I'm assuming that people usually use a long cache duration with this module, because the page will be invalidated with cache tags when it changes.)

Steps to reproduce

We have this configuration in system.performance:

cache:
  page:
    max_age: 31536000

When deploying our website on a server with Varnish, it works fine.
But if for some reason the Varnish config decides to let the response pass directly to the browser (return(pass)), the browser will cache it for a year, which is usually not what we want.

Proposed resolution

IMHO this module should return max-age=0, s-maxage=31536000 for permanently cacheable pages.
This way, it would make it explicit that the request must be cached by shared caches but not by the browser.
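
An added example, not part of the original issue or the module's code: a Python check that computes how long a browser and a shared cache may each reuse a response, applied to the header values discussed on this page. The function names are hypothetical, the first sample header is constructed from the max_age setting above, and Expires and heuristic freshness are ignored.

```python
import re

# One Cache-Control directive: a name, optionally followed by =token or ="quoted".
_DIRECTIVE = re.compile(r'([\w-]+)(?:=("(?:[^"\\]|\\.)*"|[^\s,]*))?')

def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lower-cased."""
    return {name.lower(): (arg.strip('"') if arg else None)
            for name, arg in _DIRECTIVE.findall(value)}

def _seconds(directives, name):
    """Delta-seconds of a directive, or None if absent or not an integer."""
    arg = directives.get(name)
    return int(arg) if arg is not None and arg.isdigit() else None

def freshness(value):
    """Return (browser, shared_cache) freshness lifetimes in seconds.

    A browser (private cache) ignores s-maxage; a shared cache such as
    Varnish prefers s-maxage over max-age. Simplification (assumption):
    no-store/no-cache count as 0, Expires and heuristics are not modelled.
    """
    d = parse_cache_control(value)
    if "no-store" in d or "no-cache" in d:
        return 0, 0
    max_age = _seconds(d, "max-age") or 0
    s_maxage = _seconds(d, "s-maxage")
    shared = 0 if "private" in d else (max_age if s_maxage is None else s_maxage)
    return max_age, shared

def browser_pins_page(value, limit=0):
    """True if a browser may reuse the response for more than `limit` seconds
    without asking the server, so server-side invalidation cannot reach it."""
    return freshness(value)[0] > limit

# Header values from this page; the first one is constructed from max_age: 31536000.
SAMPLES = {
    "passed through with max_age config": "max-age=31536000, public",
    "test block before the MR": "max-age=36, public",
    "test block after the MR": "max-age=0, must-revalidate, public, s-maxage=36",
    "proposed resolution": "max-age=0, s-maxage=31536000",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        browser, shared = freshness(header)
        flag = "browser copy cannot be invalidated" if browser_pins_page(header) else "ok"
        print(f"{label}: browser={browser}s shared={shared}s -> {flag}")
```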


Comments

prudloff created an issue. See original summary.

prudloff

Status: Active » Needs review

I submitted an MR that makes the module always use s-maxage.
But I guess this would be considered a breaking change and would need to be behind a specific setting?

arousseau

Status: Needs review » Reviewed & tested by the community

I tested the changes from this MR on the latest 2.0.1.

Displaying a simple test block with a hard-coded cache max-age of 36, the header went from:
cache-control: max-age=36, public

to:
cache-control: max-age=0, must-revalidate, public, s-maxage=36

Works as advertised.