BlobCache, Style Library, and anonymous users
By default, the Style Library (and Master Pages gallery for that matter) is breaking permission inheritance. However, during its creation, the SPList.AllowEveryoneViewItems property is set to true – thus giving anonymous users access – remember, the list is created before anonymous access is given, this property thus simplifies giving access to everyone during creation.
If you enable anonymous access (i.e.: Entire Web Site) on the root permission, and you access the site anonymously, you will not be prompted for credentials. However, when the BlobCache goes through the list’s permissions, it doesn’t find anonymous access and will not serve the request.
As a result, while the file is saved in the BlobCache directory but not served to the user from that cache, the cache-control Http Header will still contain “private, max-age=0”. At the next user request, the browser will validate its cache against the file on the server and return a 304.
The workaround is simple, the first step is to explicitly give anonymous access to the Style Library – either by resetting to inherit from parent or by giving anonymous access. The 2nd step is to clear the BlobCache on all zones and all servers.
The ‘Clear BlobCache’ checkbox in the ‘Object Cache’ page will only clear it for that zone for that server – you should clear it either through the web application property. Changing the BlobCache directory (in the web.config of all servers for all zones) the BlobCache will also work.
While Chris’ last post regarding this did essentially provide the workaround, there was some confusion due to the nature of the tests (which can bring false positive or false negative results if you don’t follow steps rigorously), and the cache clearing that may be inaccurate if you do it on the wrong zone/server.
If your WCM portal use files from the Style Library (or any other list you created and set the AllowEveryoneViewItems property) and allows anonymous access, make sure you update the list’s permission and clear the BlobCache on all zones/servers. This will allow user to cache the files and reduce the server impact (i.e.: the 304s) considerably. This should be part of your “provide anonymous access” procedure.
A correctly configured BlobCache is essential to a high performing web site.