Use `max-age` header to set ttl

[eschwartz]

It looks like CrispHttpCache is only looking at the the s-maxage header to set TTLs:

main.js:234
if (cacheControlInfo['s-maxage'] && !isPrivate) {
  return callback(null, parseInt(cacheControlInfo['s-maxage']) * 1000);
}

I would think that should be:

const maxAge = cacheControlInfo['s-maxage'] || cacheControlInfo['max-age'];
if (maxAge && !isPrivate) {
  return callback(null, parseInt(cacheControlInfo['s-maxage']) * 1000);
}

[four43]

Background

max-age is a portion of the Cache-Control header that directs a cache, in the most specific case, a client's local cache. The s- prefix is for "shared" and is an instruction for shared proxies. Sensitive data specific to a single user will use a max-age header of however long, while setting the s-maxage to 0, denoting that proxies in the middle of the request should not cache sensitive data. In theory someone should have set the private portion, but crisp-http-cache was designed to play it safe in the instance someone forgot. The cache itself is a shared cache so we respect s-maxage primarily.

Change

According to the spec:

The max-age directive on a response implies that the response is cacheable (i.e., "public") unless some other, more restrictive cache directive is also present.
(via https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.3)

We should also respect max-age and its assumed public-ness.

Good catch, @eschwartz

P.S. It also bugs me that max-age is properly "kebab case" where s-maxage has no second hyphen, as would be expected.