perf(server/index.ts): do not set cookies to image proxy so CDNs can cache images #3332
Curious why you are having cookies sent with your image proxy. I seem unable to reproduce. My images served through Cloudflare are returning hits for the cache.
If you enable CSRF, it gets set on every request. Cloudflare works fine if I disable CSRF, but I want the extra security the CSRF token provides.
Ah right CSRF. I see. Got it.
…cache images CDNs such as Cloudflare bypass their cache if cookies are set in the response. clearCookies middleware removes the header before imageproxy serves the image.
c5d167c to 516a255
@all-contributors please add @lunks for code
I've put up a pull request to add @lunks! 🎉
@holopin-bot @lunks let's get a badge here!
Congratulations @lunks, you just earned a badge! Here it is: https://holopin.io/claim/cle1a6vy7009508mh4kay1a0z This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account.
Thank you for merging my PR and for the awesome project :)
🎉 This PR is included in version 1.33.0 🎉 The release is available on:
Your semantic-release bot 📦🚀
… images (sct#3332) CDNs such as Cloudflare bypass their cache if cookies are set in the response. clearCookies middleware removes the header before imageproxy serves the image.
This is only a problem if CSRF protection is enabled.
Description
CDNs like Cloudflare bypass their cache if cookies are set in the response.
clearCookies middleware removes the header before imageproxy serves the image.
I initially considered creating a middlewares collection and removing CSRF protection from the list if it is present for the image proxy, but removing the header is a much simpler solution.
Screenshot (if UI-related)
To-Dos
yarn build
yarn i18n:extract
Issues Fixed or Closed
none
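The ordering this fix depends on, as an added example that is not the project's code: small stand-ins model an Express-style middleware chain, and `csrfLike`, the `/imageproxy` mount path and the `XSRF-TOKEN` cookie are constructed assumptions. It shows the cookie being stripped only on the image route, and only when `clearCookies` runs after the middleware that sets it.

```typescript
// Constructed stand-ins for an Express-style response and middleware chain.
type HeaderMap = Record<string, string>;
type Res = { headers: HeaderMap; setHeader(n: string, v: string): void; removeHeader(n: string): void };
type Middleware = (path: string, res: Res, next: () => void) => void;

function makeRes(): Res {
  const headers: HeaderMap = {};
  return {
    headers,
    setHeader(n: string, v: string): void { headers[n.toLowerCase()] = v; },
    removeHeader(n: string): void { delete headers[n.toLowerCase()]; },
  };
}

// Like app.use(prefix, mw): run mw only for paths under prefix.
const mount = (prefix: string, mw: Middleware): Middleware =>
  (path, res, next) => (path.startsWith(prefix) ? mw(path, res, next) : next());

// Stand-in for CSRF protection that sets a token cookie on every response.
const csrfLike: Middleware = (_path, res, next) => {
  res.setHeader('Set-Cookie', 'XSRF-TOKEN=constructed; Path=/');
  next();
};

// The technique from the PR description: drop the header before the image is served.
const clearCookies: Middleware = (_path, res, next) => {
  res.removeHeader('Set-Cookie');
  next();
};

// Hypothetical terminal handlers.
const imageProxy: Middleware = (_path, res) => res.setHeader('Content-Type', 'image/jpeg');
const apiHandler: Middleware = (_path, res) => res.setHeader('Content-Type', 'application/json');

// Runs the chain in order and returns the final response headers.
function runChain(chain: Middleware[], path: string): HeaderMap {
  const res = makeRes();
  let i = 0;
  const next = (): void => { const mw = chain[i++]; if (mw) mw(path, res, next); };
  next();
  return res.headers;
}

// Model of the CDN behaviour the page describes: a response with Set-Cookie is not cached.
const cdnCaches = (h: HeaderMap): boolean => !('set-cookie' in h);

const IMG_PATH = '/imageproxy/poster.jpg'; // assumed mount path
const unfixed = [csrfLike, mount('/imageproxy', imageProxy), apiHandler];
const fixed = [csrfLike, mount('/imageproxy', clearCookies), mount('/imageproxy', imageProxy), apiHandler];
const wrongOrder = [mount('/imageproxy', clearCookies), csrfLike, mount('/imageproxy', imageProxy), apiHandler];
```

Because `removeHeader` only drops what is already queued, a cookie attached after `clearCookies` runs still reaches the CDN, which is why `wrongOrder` stays uncacheable.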