The auth client automatically injects an Authorization header into every request here. That's convenient for developers, who don't need to remember to add auth headers by hand.
However, responses to auth'ed requests can't be cached by shared caches or browsers (to protect end user privacy) and are sent with maxage=0. This means that large public resources, like classification workflows, can't be cached and must be requested on every use, even though they don’t require auth headers and could be served via a CDN.
https://github.com/zooniverse/panoptes-javascript-client/blob/8157794dfacfbc1f5d41c5730b2f47aae6fc013a/lib/auth.js#L49-L50
The auth client automatically injects an Authorization header into every request here. That's convenient for developers, who don't need to remember to add auth headers by hand.
However, responses to auth'ed requests can't be cached by shared caches or browsers (to protect end user privacy) and are sent with
maxage=0
. This means that large public resources, like classification workflows, can't be cached and must be requested on every use, even though they don’t require auth headers and could be served via a CDN.