Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove set-cookie header on custom.css #16314

Merged
merged 2 commits into from
May 30, 2021
Merged

Remove set-cookie header on custom.css #16314

merged 2 commits into from
May 30, 2021

Conversation

tribela
Copy link
Contributor

@tribela tribela commented May 26, 2021

/custom.css intended to be cached, But was not cached by nginx, cdn because it has Set-Cookie header.
This commit will fix that problem.

ClearlyClaire
ClearlyClaire requested changes May 26, 2021
View reviewed changes
Copy link
Contributor

@ClearlyClaire ClearlyClaire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not seem to actually work. I think I already had investigated session_options[:skip] in the past and it only worked with Rails 4?
In any case, I'm currently investigating why a session is accessed at all in the first place in this controller.

@ClearlyClaire
Copy link
Contributor

ClearlyClaire commented May 26, 2021
edited
Loading

ok so, session_options[:skip] does kind of work, except it does not prevent a request with the _session_id cookie from having that cookie sent back for some reason.

Cookies are initially set because of the Localized concern, so adding skip_around_action :set_locale should help. I'd also add a test in the testsuite to ensure no cookies are set from an anonymous request.

Now, because of the _session_id stuff, most requests will probably have a cookie anyway, still looking into how to get rid of that…

EDIT: found why the _session_id cookie was sent, see next message

@ClearlyClaire
Copy link
Contributor

Adding the following avoids a session cookie being sent in all cases:

  skip_before_action :update_user_sign_in
  skip_before_action :set_session_activity
  skip_around_action :set_locale

At this point, we may want to have the controller use another base controller class entirely, but this should be enough for the time being. More generally, we might want to review all controllers to ensure we are not needlessly updating/re-sending the session cookie.

ClearlyClaire
ClearlyClaire approved these changes May 30, 2021
View reviewed changes
app/controllers/custom_css_controller.rb

before_action :set_cache_headers

def show
expires_in 3.minutes, public: true
request.session_options[:skip] = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's of any use, but it doesn't hurt either.

@Gargron Gargron merged commit 5ef216d into mastodon:main May 30, 2021
@tribela tribela deleted the custom-css-cache branch November 22, 2021 00:37
ClearlyClaire pushed a commit to ClearlyClaire/mastodon that referenced this pull request Jan 28, 2022
@tribela @ClearlyClaire
Remove set-cookie header on custom.css (mastodon#16314)
678e0ad 
* Remove set-cookie header on custom.css

* Additional fix for set-cookie
chrisguida pushed a commit to Start9Labs/mastodon that referenced this pull request Feb 26, 2022
@tribela @chrisguida
Remove set-cookie header on custom.css (mastodon#16314)
8cc35ab 
* Remove set-cookie header on custom.css

* Additional fix for set-cookie
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ykzts ykzts ykzts approved these changes

@ClearlyClaire ClearlyClaire ClearlyClaire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tribela @ClearlyClaire @ykzts @Gargron