Closed flim closed 1 month ago
@flim
I believe you are doing something conceptually wrong - why would you want to cache authenticated requests? This is a security vulnerability. `h3` is correctly protecting you from shooting your own legs.
[!CAUTION] I highly advise you against caching any user-specific data - it IS a vulnerability regardless of your use case.
In case you still want to cache this - you need to provide header names (`authorization` and `cookie`) to `varies`: https://nitro.unjs.io/guide/cache#options
Environment
Reproduction
When authenticated. Call internal server api (e.g. `/api/test`) from page with On server side
Describe the bug
As an authenticated user, when I call the internal server API that implements `cachedEventHandler`, the values returned by `getToken` and `getServerSession` are `null`. But it works when using the classical `eventHandler`.
Additional context
No response
Logs
No response
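The behaviour discussed in this thread, modelled as an added example: a cached handler that only sees headers listed in `varies` gets a null session, a cache that forwards credentials without keying on them serves one user's response to another, and listing `cookie` and `authorization` in `varies` partitions entries per user. This is not code from the issue, Nitro or h3; `cachedHandler`, its `strip` switch, `profile` and the session table are hypothetical names and constructed data.

```javascript
// Simplified model of a cached handler with a `varies` option (assumption:
// headers not listed in `varies` are hidden from the handler and the key).
function cachedHandler(handler, { varies = [], strip = true } = {}) {
  const store = new Map();
  const names = varies.map((h) => h.toLowerCase());
  return (req) => {
    const kept = {};
    for (const n of names) if (n in req.headers) kept[n] = req.headers[n];
    // A real cache should hash these values rather than keep them in the key.
    const key = req.path + "|" + JSON.stringify(kept);
    if (store.has(key)) return { body: store.get(key), cache: "HIT" };
    // strip=false models the unsafe case: credentials reach the handler
    // but are not part of the cache key.
    const body = handler({ path: req.path, headers: strip ? kept : req.headers });
    store.set(key, body);
    return { body, cache: "MISS" };
  };
}

// Constructed session table; cookie values are sample data.
const SESSIONS = { "sid=aaa": "alice", "sid=bbb": "bob" };

// Stand-in for a handler that resolves the session from the cookie header.
function profile(event) {
  return { user: SESSIONS[event.headers.cookie] ?? null };
}

function demo() {
  const alice = { path: "/api/test", headers: { cookie: "sid=aaa" } };
  const bob = { path: "/api/test", headers: { cookie: "sid=bbb" } };
  const stripped = cachedHandler(profile); // no varies: session is null
  const naive = cachedHandler(profile, { strip: false }); // leaks across users
  const varied = cachedHandler(profile, { varies: ["Cookie", "Authorization"] });
  return {
    stripped: [stripped(alice), stripped(bob)],
    naive: [naive(alice), naive(bob)],
    varied: [varied(alice), varied(bob), varied(alice)],
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Even with per-user keys, every distinct credential creates its own cache entry, so the store grows with the number of sessions and holds user-specific responses until they expire.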