Disable session in ActiveStorage blobs and representations proxy controllers #48869
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation / Background
When configuring ActiveStorage with resolve_model_to_route in rails_storage_proxy, you would expect a CDN such as CloudFlare to cache the files. However, in the case of CloudFlare, by default, anything that has session cookies will not cache them. To work around this you can use custom rules or patch these ActiveStorage proxy controllers.
Detail
Session now is disabled in
ActiveStorage::Blobs::ProxyController
andActiveStorage::Representations::ProxyController
, including the new concernActiveStorage::DisableSession
in both controllers that does the work.This way it will not be necessary to create custom rules and works by default.
Thanks to @fleck for the idea in this comment.
Fixes #44136
Additional information
I'm not sure if or how to test this, because there is no way to access the session in
ActionDispatch::IntegrationTest
.Checklist
Before submitting the PR make sure the following are checked:
[Fix #issue-number]