授权标头时绕过FastCGI缓存

本文介绍了授权标头时绕过FastCGI缓存的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我已经在Nginx中为Laravel API应用实现了FastCGI缓存，但是我意识到我不希望缓存返回与用户相关的数据的端点.我正在使用JWT Auth，并在标头中将令牌作为Authorization: Bearer ...传递，以便对用户请求进行身份验证.如果请求中存在此标头，我想不出一种方法来禁用FastCGI缓存.这就是我在Nginx中拥有的东西:

I have implemented FastCGI caching in Nginx for a Laravel API app but I realized I don't want endpoints that return user-related data to be cached. I'm using JWT Auth and I passing the token as Authorization: Bearer ... in the headers in order to authenticate user requests. I couldn't figure out a way to disable FastCGI cache if this header is present in the request. This is what I have in my Nginx:

fastcgi_cache_path /etc/nginx-cache levels=1:2 keys_zone=phpcache:100m inactive=60m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; location ~ \.php$ { try_files $uri /index.php =404; fastcgi_pass php-upstream; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_read_timeout 600; fastcgi_cache phpcache; # The name of the cache key-zone to use fastcgi_cache_key $scheme$host$request_uri$request_method; fastcgi_cache_valid 200 30s; fastcgi_cache_methods GET HEAD; # What to cache: only GET and HEAD requests (not POST) add_header X-Fastcgi-Cache $upstream_cache_status; # Add header so we can see if the cache hits or misses fastcgi_cache_use_stale updating error timeout invalid_header http_500; fastcgi_pass_header Set-Cookie; fastcgi_pass_header Cookie; fastcgi_hide_header X-Powered-By; fastcgi_cache_lock on; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; include fastcgi_params; fastcgi_cache_bypass $no_cache; fastcgi_no_cache $no_cache; } #Cache everything by default set $no_cache 0; #Don't cache the following URLs if ($request_uri ~* "/admin/)") { set $no_cache 1; }

我也已将此添加到我的.htaccess

I have also added this to my .htaccess

# Handle Authorization Header RewriteCond %{HTTP:Authorization} ^(.+)$ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

推荐答案

我想我明白了.我修改了这些行，现在忽略了标头中具有授权"的那些请求:

I think I figured it out. I modified these lines and now it's ignoring those requests that has Authorization in the header:

fastcgi_cache_bypass $no_cache $http_authorization; fastcgi_no_cache $no_cache $http_authorization;