Clarify the type option of the cache interceptor #4299
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
People not knowing well the HTTP cache semantic may misleadingly believe that `private` is a safer choice than `shared`. Add a bit of guidance about the effect of private.
metcoder95
reviewed
Jun 27, 2025
| @@ -1104,7 +1104,7 @@ The `cache` interceptor implements client-side response caching as described in | |||
| - `store` - The [`CacheStore`](/docs/docs/api/CacheStore.md) to store and retrieve responses from. Default is [`MemoryCacheStore`](/docs/docs/api/CacheStore.md#memorycachestore). | |||
| - `methods` - The [**safe** HTTP methods](https://www.rfc-editor.org/rfc/rfc9110#section-9.2.1) to cache the response of. | |||
| - `cacheByDefault` - The default expiration time to cache responses by if they don't have an explicit expiration. If this isn't present, responses without explicit expiration will not be cached. Default `undefined`. | |||
| - `type` - The type of cache for Undici to act as. Can be `shared` or `private`. Default `shared`. | |||
| - `type` - The [type of cache](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Caching#types_of_caches) for Undici to act as. Can be `shared` or `private`. Default `shared`. `private` implies privately cacheable responses will be cached and potentially shared with other users of your application. | |||
There was a problem hiding this comment.
Example end result:
Ethan-Arrowood
approved these changes
Jun 30, 2025
metcoder95
approved these changes
Jul 4, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
People not knowing well the HTTP cache semantic may misleadingly believe that
privateis a safer choice thanshared. Add a bit of guidance about the effect of private.This relates to...
The
typeoption of the cache interceptor, so, HTTP caching of fetches done by Undici.Rationale
The
privatetypeoption of the cache interceptor causes the Undici HTTP cache to act as a private cache while in most circumstances a Node.js application will be shared between many users. This can lead to private data leakage. Furthermore people not understanding well the HTTP cache semantic may misleadingly think choosingprivateinstead ofsharedis safer.Changes
Add some guidance about the
privatechoice.Features
N/A
Bug Fixes
N/A
Breaking Changes and Deprecations
None
Status