Login/Register
How to ensure my CDN caches CORS requests by origin?
Asked Answered
Solved cdnakamaivary
N

2

2

I currently use Akamai as a CDN for my app, which is served over multiple subdomains.

I recently realized that Akamai is caching CORS requests the same, regardless of the origin from which they were requested.

This of course causes clients that make requests with a different Origin than the cached response to fail (since they have a different response header for Access-Control-Allow-Origin than they should)

Many suggest supplying the Vary: Origin request header to avoid this issue, but according to Akamai's docs and this Akamai community post, this isn't supported by Akamai.

How can I force Akamai to cache things uniquely by Origin if an Origin header is present in the request?

Normative answered 21/3, 2018 at 17:31 Comment(0)
N
2

I did some research, and it appears this can be done by adding a new Rule in your Akamai config, like so:

Note that if you do this - REMEMBER - this changes your cache key at Akamai, so anything that was cached before is essentially NOT CACHED anymore! Also, as noted in the yellow warning labels, this can make it harder to force reset your cache using Akamai's url purging tools. You could remove the If block, and just include Origin header as a similar Cache ID Modification rule too, if you were ok with changing the cache key for all your content that this rule would apply to.

So in short, try this out on a small section of your site first!

More details can be found in this related post on Stack Overflow

enter image description here

Normative answered 21/3, 2018 at 17:39 Comment(0)
L
1

We have hosted an API on Akamai. I had similar requirement, but we wanted to use the cached response on Akamai for all the touchpoints. But without CORS settings, it used to cache the response from first origin, and then keep it in cache, and the following requests from other touch points use to fail due to cached origin header.

We solved the problem with using API Gateway feature provided by Akamai. You can find it under API Definition. Custom cache parameters can also be defined here. Please see the screen shot for the CORS settings. Now it cached the response from backend and serve to the requester as per the allowed origin list.

CORS Setting in API Definition

Log answered 2/7, 2020 at 15:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.