Dont serve cache if API authorization fails

Question

Dont serve cache if API authorization fails

ZaidWaseem10 opened this issue 4 years ago · 1 comments

I have an API KEY header with each request. Generally whats happening is that if the first request has correct api key, the response will be cached. Now if anyone makes a request to the same endpoint without correct api key, the cache will also be served. It fails the security measures taken for the endpoint. Is there any way to validate API-KEY in each and every request? even though the response is cached.

Answer 1 · 2020-09-24T20:15:30.000Z

@ZaidWaseem10 I think it is matter of how you put middlewares in order.
You need to put authorization middleware in front of cache middleware.