No cache-control header on local_secure images #3516

New Issue

Closed

opened 2026-02-05 06:57:00 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 06:57:00 +03:00

Owner

Copy Link

Originally created by @vlaborie on GitHub (Feb 17, 2023).

Describe the Bug

No cache-control header are defined on images when using local_secure storage which implies re-downloading image every time a page is loaded and bad loading time performance.

Apparently, this come from PreventAuthenticatedResponseCaching.php which complety disable cache-control header.

Steps to Reproduce

1. Enable local_secure storage for images
2. Go on any page with images
3. Images are downloaded every time a page is loaded and not cached

Expected Behaviour

Bookstack set a cache-control header with long time on image loaded from local_secure storage.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v21.11.1

PHP Version

No response

Hosting Environment

Docker + Kubernetes + Ingress Nginx proxy

Originally created by @vlaborie on GitHub (Feb 17, 2023). ### Describe the Bug No **cache-control** header are defined on images when using **local_secure** storage which implies re-downloading image every time a page is loaded and bad loading time performance. Apparently, this come from [PreventAuthenticatedResponseCaching.php](https://github.com/BookStackApp/BookStack/blob/development/app/Http/Middleware/PreventAuthenticatedResponseCaching.php) which complety disable cache-control header. ### Steps to Reproduce 1. Enable **local_secure** storage for images 2. Go on any page with images 3. Images are downloaded every time a page is loaded and not cached ### Expected Behaviour Bookstack set a cache-control header with long time on image loaded from local_secure storage. ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version v21.11.1 ### PHP Version _No response_ ### Hosting Environment Docker + Kubernetes + Ingress Nginx proxy

OVERLORD added the 🐛 Bug label 2026-02-05 06:57:00 +03:00

OVERLORD closed this issue 2026-02-05 06:57:05 +03:00

OVERLORD commented 2026-02-05 06:57:07 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 18, 2023):

Hi @vlaborie,
This isn't really a bug or break in existing logic, it's more a desire or omission compared to your expectations.

While we could add longer-cache control headers to served images, it becomes a little more complex when security/access-control is factored in, so we take a safe default of not overring the prevented caching here.
If you really desire caching to be in place for these images, you could likely force cache headers for image resources at a webserver/proxy level.

@ssddanbrown commented on GitHub (Feb 18, 2023): Hi @vlaborie, This isn't really a bug or break in existing logic, it's more a desire or omission compared to your expectations. While we could add longer-cache control headers to served images, it becomes a little more complex when security/access-control is factored in, so we take a safe default of not overring the prevented caching here. If you really desire caching to be in place for these images, you could likely force cache headers for image resources at a webserver/proxy level.

OVERLORD commented 2026-02-05 06:57:10 +03:00

Author

Owner

Copy Link

@vlaborie commented on GitHub (Feb 20, 2023):

Hi @ssddanbrown and thank's for your response.

Sorry if i mislabelled this issue, fell free to relabel it if you don't consider it as a bug.

I understand the security concern of HTTP cache but this only apply to dynamic content, like html, not on images.

I use https://github.com/solidnerd/docker-bookstack container for running Bookstack on Kubernetes and can't easily patch cache header without too much maintenance overhead for me.

I need this to be patched on the Docker container or in Bookstack directly (and i prefer this to be patched on the source).

Do you think cache-control header on images can be added on Bookstack or this is to complex because of access-control ?

I just saw you offer Bookstack support, i might be able to finance dev time for this issue if you think is doable.

@vlaborie commented on GitHub (Feb 20, 2023): Hi @ssddanbrown and thank's for your response. Sorry if i mislabelled this issue, fell free to relabel it if you don't consider it as a bug. I understand the security concern of HTTP cache but this only apply to dynamic content, like html, not on images. I use https://github.com/solidnerd/docker-bookstack container for running Bookstack on Kubernetes and can't easily patch cache header without too much maintenance overhead for me. I need this to be patched on the Docker container or in Bookstack directly (and i prefer this to be patched on the source). Do you think cache-control header on images can be added on Bookstack or this is to complex because of access-control ? I just saw you offer Bookstack support, i might be able to finance dev time for this issue if you think is doable.

OVERLORD commented 2026-02-05 06:57:14 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Mar 6, 2023):

I understand the security concern of HTTP cache but this only apply to dynamic content, like html, not on images.

Not really, It can apply to any served content including images.

... on Kubernetes and can't easily patch cache header without too much maintenance overhead for me.
I need this to be patched on the Docker container or in Bookstack directly (and i prefer this to be patched on the source)

I understand that but I'd prefer to not add complexity to the core project for what can be controlled via other means, and the complexity/inflexibility of your environment is not a viable reason for me to move that complexity to the project.

I'll therefore close this off.

@ssddanbrown commented on GitHub (Mar 6, 2023): > I understand the security concern of HTTP cache but this only apply to dynamic content, like html, not on images. Not really, It can apply to any served content including images. > ... on Kubernetes and can't easily patch cache header without too much maintenance overhead for me. > I need this to be patched on the Docker container or in Bookstack directly (and i prefer this to be patched on the source) I understand that but I'd prefer to not add complexity to the core project for what can be controlled via other means, and the complexity/inflexibility of your environment is not a viable reason for me to move that complexity to the project. I'll therefore close this off.

OVERLORD referenced this issue 2026-02-05 10:26:55 +03:00

[PR #3516] [CLOSED] Bump guzzlehttp/guzzle from 7.4.4 to 7.4.5 #6210

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3516