How to force Chrome NOT to cache redirects?

Question

A simple HTML code:

<img src="http://someaddr/image.php">

image.php is a script that returns a random Redirect to a static image with all necessary no-cache headers:

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Location: http://someaddr/random_image_12345.jpg

The problem: when navigating back and forward to this HTML page, Chrome (latest win/mac) does not revalidate address http://someaddr/image.php.

I have tried using redirects 302 and also 303 (which in RFC has stronger requirement that it should NEVER been cached by browser). This works like a charm in IE, FireFox, Opera. They always refresh http://someaddr/image.php. But Chrome doesn't.

I have even used Developer Tools in Chrome, and it seems that in Network Log it even don't shows any attempt (cached or not) of fetching http://someaddr/image.php. Network Log shows only one connection already to http://someaddr/random_image_12345.jpg (cached). Why this is so broken...

I know the naive/simple solution of putting query string in image source:

    <img src="http://someaddr/image.php?refresh={any random number or timestamp}">

But I don't like/can't use hacks like that. Are there ANY other options?

Have you tried with `Expires: -1` ? Also add `no-store` to pragma — aldo.roman.nurena, Nov 25 '12 at 17:38
I have investigated chrome even more. I've made a JavaScript on the page, that dynamically inserts into the page content. Even in this case Chromes refuses to connect to origin src URL. — thedk, Nov 25 '12 at 18:39
it seems `no-store` instead of `no-cache` does the trick. you look at this: http://stackoverflow.com/questions/4146813/how-to-stop-chrome-from-caching — aldo.roman.nurena, Nov 25 '12 at 19:30
I have tried different combination of single "no-store", "no-store" with "no-cache". Nothing seems to work. — thedk, Nov 25 '12 at 22:02
@thedk Have you had any luck with this? According to a commenter on [this bug report](https://code.google.com/p/chromium/issues/detail?id=103458) , "It seems like Chrome is caching the response of the second (redirected) request against the values of the initial request rather than properly caching them as 2 independent HTTP requests." so maybe that holds the key for preventing caching. — Myrne Stol, May 22 '13 at 11:17

JxAxMxIxN · Answer 1 · 2013-09-26T00:48:19.757

5

Try a 307 redirect

But if you're stuck trying to get to a link that won't work due to a cached redirect...

This doesn't clear the cache but it's one quick and possible route around it if you're pulling your hair out trying to get to a link that has been redirect cached.

Copy the link address into the address bar and add some GET information to the address.

EXAMPLE If your site is http://example.com

Put a ?x=y at the end of it 
( example.com?x=y ) - the x and y could be anything you want.

If there is already a ? in the url with some info after it

( example.com?this=that&true=t ) - try to add &x=y to the end of it...

( example.com?this=that&true=t&x=y )

edited Sep 26 '13 at 00:48

answered Sep 25 '13 at 23:58

JxAxMxIxN

1,711
1
17
20

1

From within the page, using `window.location`, for example, the randomized get request is the one that worked for me. I create a GUID-like random string and append it as a get. And x is all you really need, i.e., `example.com?x`, where x is a random key value. – ps2goat Mar 04 '14 at 20:14
Also to note: try not to use anything your server script might use, otherwise you might get conflicting results... To be safe you could just type a bunch of garble ( example.com?kjsdjksdjhkds) – JxAxMxIxN Feb 23 '15 at 16:27

score -3 · Answer 2 · answered Nov 25 '12 at 18:03

From a link posted in another question:

 The first header Cache-Control: must-revalidate means that browser must send validation request every time even if there is already cache entry exists for this object.
Browser receives the content and stores it in the cache along with the last modified value.
Next time browser will send additional header:
If-Modified-Since: 15 Sep 2008 17:43:00 GMT

This header means that browser has cache entry that was last changed 17:43.
Then server will compare the time with last modified time of actual content and if it was changed server will send the whole updated object along with new Last-Modified value.

If there were no changes since the previous request then there will be short empty-body answer:
HTTP/1.x 304 Not Modified

You can use HTTP's etags and last modified dates to ensure that you're not sending the browser data it already has cached.

$last_modified_time = filemtime($file); 
$etag = md5_file($file); 

header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT"); 
header("Etag: $etag"); 

if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time || 
    trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { 
    header("HTTP/1.1 304 Not Modified"); 
    exit; 
}

This answer is not relevant to the problem. The problem is that Chrome does not even tries to connect to server. It's not a problem of server caching and returning 304. — thedk, Nov 25 '12 at 18:38
Hmm ... My bad, it looks like you made that clear when you said it works with other browsers. — awm, Nov 25 '12 at 23:33
But you mention that adding a random number works; which means chrom is sending a request to the server. How do you explain that? — awm, Nov 26 '12 at 00:15
When I navigate back to the page, chrome downloads it from the server, but in some mysterious way he never look for http://someaddr/image.php. He behave like there was another link (http://someaddr/random_image_12345.jpg) put in because connection log shows only that he tried to fetch http://someaddr/random_image_12345.jpg (cached). — thedk, Nov 27 '12 at 21:51

How to force Chrome NOT to cache redirects?

2 Answers2

Linked