Skip to main content

Overview

The nocache middleware sets headers to prevent browsers and proxies from caching responses. Use it for sensitive data or frequently changing content.

Installation

import "github.com/go-mizu/mizu/middlewares/nocache"

Quick Start

app := mizu.New()
app.Use(nocache.New())

Headers Set

Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Surrogate-Control: no-store

Examples

Global No-Cache

app.Use(nocache.New())

Specific Routes

// Don't cache sensitive endpoints
app.Get("/api/user", userHandler, nocache.New())
app.Get("/api/account", accountHandler, nocache.New())

API Group

api := app.Group("/api")
api.Use(nocache.New())

api.Get("/users", listUsers)
api.Get("/data", getData)

API Reference

func New() mizu.Middleware

When to Use

  • User-specific data
  • Authentication responses
  • Frequently changing data
  • Sensitive information
  • Real-time data

Technical Details

The nocache middleware is implemented as a simple wrapper that sets anti-caching headers before passing control to the next handler in the chain.

Implementation

The middleware:
  1. Retrieves the response header object from the context
  2. Sets four HTTP headers to prevent caching at multiple levels:
    • Cache-Control: Provides comprehensive cache directives for HTTP/1.1
    • Pragma: Backward compatibility with HTTP/1.0 caches
    • Expires: Sets expiration to prevent caching
    • Surrogate-Control: Controls CDN and proxy caching behavior
  3. Calls the next handler in the middleware chain

Performance

  • Zero-allocation implementation
  • Minimal overhead (4 header writes per request)
  • No configuration or state management required
  • Thread-safe for concurrent requests

Best Practices

  • Apply to routes serving sensitive or user-specific data
  • Use sparingly on static content to avoid performance degradation
  • Consider combining with HTTPS for maximum security
  • Test cache behavior with browser developer tools
  • Apply at the route level rather than globally when possible

Testing

The middleware includes comprehensive tests to verify correct header configuration.
Test CaseDescriptionExpected Behavior
Cache-Control HeaderValidates the Cache-Control header is setSets “no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0”
Pragma HeaderValidates the Pragma header is setSets “no-cache” for HTTP/1.0 compatibility
Expires HeaderValidates the Expires header is setSets “0” to indicate immediate expiration
Surrogate-Control HeaderValidates the Surrogate-Control header is setSets “no-store” to prevent CDN/proxy caching