fix: correct no-store and no-cache behavior for entity cache

[carodewig]

Confusingly, no-store and no-cache have different meanings. Per RFC 9111:

• no-store: allows serving response from cache, but prohibits storing response in cache
• no-cache: prohibits serving response from cache, but allows storing response in cache
  (NB: no-cache actually prohibits serving response from cache without revalidation - but the router doesn't distinguish between lookup and revalidation)

The entity caching plugin was incorrectly treating no-store as both 'no serving response from the cache' and 'no storing response in the cache.'

This PR fixes that behavior.

---

Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

• PR description explains the motivation for the change and relevant context for reviewing
• PR description links appropriate GitHub/Jira tickets (creating when necessary)
• Changeset is included for user-facing changes
• Changes are compatible¹
• Documentation² completed
• Performance impact assessed and acceptable
• Metrics and logs are added³ and documented
• Tests added and passing⁴
  • Unit tests
  • Integration tests
  • Manual tests, as necessary

Exceptions

Note any exceptions here

Notes

Footnotes

1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. ↩

2. Configuration is an important part of many changes. Where applicable please try to document configuration examples. ↩

3. A lot of (if not most) features benefit from built-in observability and debug-level logs. Please read this guidance on metrics best-practices. ↩

4. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions. ↩

[apollo-librarian]

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: 1a07ddc4aa30f6c8e149384a
Build Logs: View logs

---

✅ AI Style Review — No Changes Detected

No MDX files were changed in this pull request.

Review Log: View detailed log

This review is AI-generated. Please use common sense when accepting these suggestions, as they may not always be accurate or appropriate for your specific context.

[carodewig]

Replaces #8951 whose git history I royally messed up

[rohan-b99]

Do we have any tests around no-cache? From a quick search most of them seemed to only cover no-store

[rohan-b99]

Rather than use an option here, does it make sense to default to CacheControl::no_store? This is only based on other places in the code where that pattern seems to be used (apollo-router/src/plugins/response_cache/plugin.rs), so let me know if I'm missing something here

[carodewig]

Good question! I believe those other places are used for the response cache-control rather than the request - we should default to both cache and store on the request side

[carodewig]

@rohan-b99 Added tests in 9020cff - good call out!