MarcAgate
commented
4 years ago Cache control header is now managed "by endpoint". There is no general way to address that issue since we have two levels of authentication : by endpoint and possibly by resource (in which case the cache header must be set within the endpoint implementation, according to the request param)
if I understand rfc7234 correctly, the cache control headers should have a
publicclaim for all public URLs (those which result doesn't depend on the authentication of the user)