perf(server/index.ts): do not set cookies to image proxy so CDNs can cache images #3332
Conversation
|
Curious why you are having cookies sent with your image proxy. I seem unable to reproduce. My images served through Cloudflare are returning hits for the cache. |
If you enable CSRF, it gets set on every request. Cloudflare works fine if I disable CSRF, but I want the extra security the CSRF token provides. |
|
Ah right CSRF. I see. Got it. |
…cache images CDNs such as Cloudflare bypass their cache if cookies are set in the response. clearCookies middleware removes the header before imageproxy serves the image.
lunks
force-pushed
the
do-not-set-cookies-on-image-proxy
branch
from
c5d167c
to
516a255
Compare
|
@all-contributors please add @lunks for code |
|
I've put up a pull request to add @lunks! 🎉 |
|
@holopin-bot @lunks lets get a badge here! |
|
Congratulations @lunks, you just earned a badge! Here it is: https://holopin.io/claim/cle1a6vy7009508mh4kay1a0z This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account. |
|
Thank you for merging my PR and for the awesome project :) |
|
🎉 This PR is included in version 1.33.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
… images (sct#3332) CDNs such as Cloudflare bypass their cache if cookies are set in the response. clearCookies middleware removes the header before imageproxy serves the image.
This is only a problem if CSRF protection is enabled.
Description
CDNs like Cloudflare bypass their cache if cookies are set in the response.
clearCookies middleware removes the header before imageproxy serves the image.
I initially considered creating a
middlewarescollection and removing CSRF protection from the list if it is present for the image proxy, but removing the header is a much simpler solution.Screenshot (if UI-related)
To-Dos
yarn buildyarn i18n:extractIssues Fixed or Closed
none