sebastienros
commented
2 years ago The code you are referencing seems to be customizable. You just need to replace it with your own logic.
Closed bretthacker closed 1 year ago
sebastienros
commented
2 years ago The code you are referencing seems to be customizable. You just need to replace it with your own logic.
bretthacker
commented
1 year ago That's what I ultimately did, with a fork.
I see in https://github.com/madskristensen/WebEssentials.AspNetCore.OutputCaching/blob/master/src/OutputCacheOptions.cs#L44
that the test to qualify the request as cacheable always tests auth. I get the security implications AND there are scenarios where I'd like to override. For example, I need to dynamically derive an image from the logged-in user's name. I'm going to hit that image repeatedly during this session but I don't need to constantly run the algorithm and go to the source to get it. And, I vary the request path based on the user, AND in this specific use case I don't care if someone were to alter the request string and plug in someone else's name - they're ALL authed to the same tenancy and have access to the shared directory in RO mode for this attribute anyway.
So I'd like the option to notice that this edge case exists and override the test via an option that I could put in a profile I'd create. To the extent that most of my work occurs in authenticated environments, I can never leverage output caching with this being hardcoded.