Vulnerability in EPiServer.Forms
We are making use of the attribute 'httpCacheExpiration' which is set in the episerver.config/web.config on a 7.5 site
We believed that having this setting wouldn't cache any blocks on the page.
However, we have noticed that this isnt the case and blocks are indeed being cached.
Is anyone able to confirm that this is the correct behaviour?
Thanks in advance,
The page and block is cached with episerver if you have the attribute on the page controller, [ContentOutputCache]. This is important witch blocks that have a controller if not you will cache block and page together.
More from episerver:
We also add the “ContentOutputCache” to the action to make sure it’s cached. This is very important when using local blocks or content areas on a page, where the sub content has controllers. For every sub content with a controller (it’s possible to have a page or block with only a view), we will make a new request to render the sub content. This costs. By using the “ContentOutputCache” we will cache the output until someone publishing something in the CMS. If you can’t use the “ContentOutputCache”, for example when using child actions (RenderAction), consider skipping the controller for the block.