nginx shouldn't allow browser cache of css/js, fixes #2404 (#2413)

pkg/ddevapp/webserver_config_packr_assets/nginx-site-backdrop.conf

@@ -88,10 +88,17 @@ server {
     }
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico|svg)$ {
         try_files $uri @rewrite;
         expires max;
         log_not_found off;
     }
+
+    # js and css always loaded
+    location ~* \.(js|css)$ {
+        try_files $uri @rewrite;
+        expires -1;
+        log_not_found off;
+    }
     include /mnt/ddev_config/nginx/*.conf;
 }

pkg/ddevapp/webserver_config_packr_assets/nginx-site-drupal6.conf

@@ -73,12 +73,19 @@ server {
     # Expire rules for static content
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico|svg)$ {
         try_files $uri @rewrite;
         expires max;
         log_not_found off;
     }
 
+    # js and css always loaded
+    location ~* \.(js|css)$ {
+        try_files $uri @rewrite;
+        expires -1;
+        log_not_found off;
+    }
+
     # Prevent clients from accessing hidden files (starting with a dot)
     # This is particularly important if you store .htpasswd files in the site hierarchy
     # Access to `/.well-known/` is allowed.

pkg/ddevapp/webserver_config_packr_assets/nginx-site-drupal7.conf

@@ -66,12 +66,19 @@ server {
     # Expire rules for static content
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico|svg)$ {
         try_files $uri @rewrite;
         expires max;
         log_not_found off;
     }
 
+    # js and css always loaded
+    location ~* \.(js|css)$ {
+        try_files $uri @rewrite;
+        expires -1;
+        log_not_found off;
+    }
+
     # Prevent clients from accessing hidden files (starting with a dot)
     # This is particularly important if you store .htpasswd files in the site hierarchy
     # Access to `/.well-known/` is allowed.

pkg/ddevapp/webserver_config_packr_assets/nginx-site-drupal8.conf

@@ -86,11 +86,18 @@ server {
     }
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico|svg)$ {
         try_files $uri @rewrite;
         expires max;
         log_not_found off;
     }
 
+    # js and css always loaded
+    location ~* \.(js|css)$ {
+        try_files $uri @rewrite;
+        expires -1;
+        log_not_found off;
+    }
+
     include /mnt/ddev_config/nginx/*.conf;
 }

pkg/ddevapp/webserver_config_packr_assets/nginx-site-drupal9.conf

@@ -87,11 +87,18 @@ server {
     }
 
     # Media: images, icons, video, audio, HTC
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico|svg)$ {
         try_files $uri @rewrite;
         expires max;
         log_not_found off;
     }
 
+    # js and css always loaded
+    location ~* \.(js|css)$ {
+        try_files $uri @rewrite;
+        expires -1;
+        log_not_found off;
+    }
+
     include /mnt/ddev_config/nginx/*.conf;
 }

pkg/ddevapp/webserver_config_packr_assets/nginx-site-magento2.conf

@@ -101,7 +101,7 @@ server {
             rewrite ^/static/(version[^/]+/)?(.*)$ /static/$2 last;
         }
 
-        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$ {
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|swf|eot|ttf|otf|woff|woff2|json)$ {
             add_header Cache-Control "public";
             add_header X-Frame-Options "SAMEORIGIN";
             expires +1y;
@@ -110,6 +110,16 @@ server {
                 rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
             }
         }
+        location ~* \.(js|css)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires -1;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
+            }
+        }
+
         location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
             add_header Cache-Control "no-store";
             add_header X-Frame-Options "SAMEORIGIN";
@@ -132,12 +142,19 @@ server {
             deny all;
         }
 
-        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|swf|eot|ttf|otf|woff|woff2)$ {
             add_header Cache-Control "public";
             add_header X-Frame-Options "SAMEORIGIN";
             expires +1y;
             try_files $uri $uri/ /get.php$is_args$args;
         }
+        location ~* \.(js|css)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires -1;
+            try_files $uri $uri/ /get.php$is_args$args;
+        }
+
         location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
             add_header Cache-Control "no-store";
             add_header X-Frame-Options "SAMEORIGIN";

pkg/ddevapp/webserver_config_packr_assets/nginx-site-wordpress.conf

@@ -81,9 +81,14 @@ server {
         fastcgi_param HTTPS $fcgi_https;
     }
 
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+    location ~* \.(png|jpg|jpeg|gif|ico)$ {
         expires max;
         log_not_found off;
     }
+    location ~* \.(js|css)$ {
+        expires -1;
+        log_not_found off;
+    }
+
     include /mnt/ddev_config/nginx/*.conf;
 }