Description
currently, the CachePlugin does not cache when the no-store or private directive is active. however, we ignore no-cache. should we respect that one as well?
btw, not caching on the private header might be wrong. "private" means a shared proxy may not cache this. it depends on the scenario whether our client is a shared "proxy" or only for a single end user. (api calls with an api username would be single user and caching "private" should be fine).
maybe we should add an option to specify which headers are considered uncacheble, defaulting to all 3 of private, no-cache and no-store. users could then overwrite the default list with their things, possibly even work around no-store from a faulty server.
another thing is cookie handling: on a proxy, you never cache if there are Authorization or Cookie headers around, for fear of mixing up content. for a client this is less clear, depends on the scenario. might require another option on the plugin? or as joel proposes below, two separate plugins for the two different roles.