The configurations you posted applies to "real" static files, as in typical frontend bundles located in the website package.
Asset files from Episerver has a different behaviour. But you can easily change the behaviour of Episever assets file caching to be be either private, public or a hybrid (the default).
The feature is documented here, but the configuration entries are not added to web.config by default. So you will have to mix it into your web.config, like this:
<configuration> <configSections> <section name="staticFile" type="EPiServer.Framework.Configuration.StaticFileSection, EPiServer.Framework.AspNet"/> </configSections> <staticFile cacheControl="public" enableOutputCache="false" expirationTime="12:0:0" /> </configuration>
Thank you Stefan.
I actually already had the following in my config file - but it didn't include the cacheControl property.
<staticFile expirationTime="365:0:0" />
Would it make sense to limit it to certain locations?
<location path="globalassets"> <staticFile expirationTime="365.00:00:00" cacheControl="Public"/> </location> <location path="siteassets"> <staticFile expirationTime="365.00:00:00" cacheControl="Public"/> </location>
This setting applies globally to the asset handler, so it cannot be limited to specific paths.
In https://support.episerver.com/hc/en-us/articles/360006594552-Configure-browser-caching-in-DXC-Azure-environment they use locations?:
The below setting may also be needed if you want to leverage the globalasset's static files <configuration> ... <location path="GlobalAssets"> <staticFile expirationTime="7.00:00:00" cacheControl="Public"/> </location> </configuration>
Just an FYI: By making the cache control public you could end up with access rights protected assets in the CDN. I.e. after a user has requested a protected asset, then ALL users can access it. You basically have to purge the CDN to get rid of it.
We have setup caching for static content as described in https://world.episerver.com/documentation/developer-guides/digital-experience-platform/development-considerations/cdn-recommendations/, and it works fine for anonymous users. However, when a user is logged in to Episerver cache-control:private is send in the response instead.
As we are using authentication for our end-users (we are provinding an extranet), it does not make any sense for us not to cache static content for those users.
Anyone who knows why cache-control: private is used by Episerver when a user is authenticated?
Our relevante sections in web.config are as follows: