http.send always cache response even when setting cache field to false

[KellyZhou35]

Hi,

I'm working with a policy that needs to call another API to get the most up-to-date authorization information and in this case I don't want any cache in place. So when send out the http request, I used following line:

a = http.send({"method": "GET", "url": sprintf("%s/%s/%s", [api_prefix, id, api_suffix]), "headers": headers, "cache": false})

However, even with cache set to false (I know by default it's false, but removing it didn't help so I explicitly added it here), after I change authorization info from the external API and the API is giving me a new response, I'm still seeing the old response(or the cached response) from policy evaluation.

So I'm curious is it the way it's working or I miss anything from the documentation? How should I turn off the cache option in this case?

btw, following is the response header I received from the policy evaluation:

"headers": {
"access-control-allow-credentials": [
"true"
],
"access-control-allow-headers": [
"access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey"
],
"access-control-allow-methods": [
"GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH"
],
"access-control-allow-origin": [
"*"
],
"access-control-max-age": [
"3600"
],
"cache-control": [
"no-cache, no-store, must-revalidate"
],
"content-security-policy": [
"default-src 'self'"
],
"content-type": [
"application/json"
],
"correlation-id": [
"d4e71c58-5909-4c67-931c-7323fbdce44d"
],
"date": [
"Thu, 25 May 2023 08:13:16 GMT"
],
"expires": [
"0"
],
"request-context": [
"appId=cid-v1:8eb6998f-bfb8-4150-b55d-6abd36e81ce2"
],
"server": [
"envoy"
],
"set-cookie": [
"JSESSIONID=385D3C1F110CA949FE572345E52EC89C; Path=/api/orbit/v1; HttpOnly"
],
"strict-transport-security": [
"max-age=31536000; includeSubDomains"
],
"x-content-type-options": [
"nosniff"
],
"x-envoy-upstream-service-time": [
"52"
],
"x-frame-options": [
"DENY"
],
"x-xss-protection": [
"1; mode=block"
]
},

[ashutosh-narkar]

@KellyZhou35 the cache parameter caches response across OPA queries. Are you making multiple http.send calls within the same query? Can you share your policy?