Problem/Motivation
#2471473: REST responses should have proper cache tags ensured entity cacheability metadata is present. Dealing with entity & field access was deferred to an undefined follow-up. We should fix this ASAP because it could expose sensitive information for sites with complex entity access.
(Note that the user.permissions cache context is present by default, due to a permission being required to access any of the REST routes. This is why it's okay for this to be handled in the public issue queue.)
Proposed resolution
Associate entity & field access cacheability metadata with the response.
Remaining tasks
None.
User interface changes
None.
API changes
None.
Data model changes
None.
Original report
I jumped from beta5 top beta10 with a custom simple REST endpoint module, basically following this http://enzolutions.com/articles/2014/12/16/how-to-create-a-rest-resource...
My custom endpoint /rest/articles/get returns nids of all articles.
It worked and works fine, but since some update, stale content is being served.
When I clear the Drupal cache, my endpoints returns the new nids, so it must be a cache thing.
I suspect it has something to do with the finished support for cache-tags altough #2471473: REST responses should have proper cache tags claims it has been fixed in REST output.
Now for the weird part:
When I retrieve data from the same endpoint through Chrome's Dev HTTP Client, the results are up to date! (btw: I see "X-Drupal-Cache-Tags: config:rest.settings" in the headers for the response).
So what's going on here? How do I get fresh results when using guzzle as a http client? I've ruled out browser caching.
