Cdn cache unlogged#2858
Merged
Merged
Conversation
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Record the design for extending anonymous CDN caching beyond projects#show to static-after-startup pages (home, cookies, criteria_discussion, criteria_stats, criteria index/show) in docs/cdn-cache-not-logged-in.md. This is documentation only; the implementation will happen on a separate branch after the project-show caching ships, since it reuses Change 1 (conditional CSRF meta tag) and Change 3 (Fastly cookie-bypass rule). Key decisions captured: - Qualifying criterion: whole-body cache_frozen [locale], no mutable-DB data. - One shared MISCELLANEOUS surrogate key (avoids a purge_all that would evict the project-show, JSON, and badge caches). - Invalidation via boot-time purge + delayed re-purge, reusing the existing PurgeCdnProjectJob (which already purges an arbitrary key) triggered from Puma's on_booted hook; chosen over a new deploy-pipeline hook. - No new Fastly config; tests reuse the CdnCachingTest harness. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Implement the main plan in docs/cdn-cache-not-logged-in.md (Sections 1-9). Let the CDN serve cached "project show" HTML to anonymous visitors while never serving cached content to logged-in or otherwise personalized users. Our system is constantly pinged-on by various web spiders. By increasing our use of the CDN cache in cases where we have anonymous requests, we should have far fewer requests that our server has to address directly. Changes: * Gate csrf_meta_tags on logged_in? so anonymous read-only pages no longer write session[:_csrf_token] and thus emit no gratuitous _BadgeApp_session cookie -- making "session cookie present" a precise do-not-cache signal. * In projects#show, bail out with `return if performed?` right after redirect_obsolete_section_names so a redirect never gets page-cache headers (this also fixes a latent over-cache of the obsolete-section 301 in the existing :md path). Replace the markdown-only cache line with a new cache_on_cdn_if_safe helper that caches :md always and :html only when anonymous, flash-free, and the CACHE_SHOW_PROJECT kill switch is on. * Suppress the per-request authenticity_token on the four view-only criteria forms (_form_0/1/2/baseline). These forms are display-only and never submitted, so the token was useless and its random masking broke the byte-identical invariant the shared CDN cache relies on. * Update project_get_test's anonymous Cache-Control assertion to no-store. * Add test/integration/cdn_caching_test.rb covering the security-critical invariants: no session cookie on anonymous reads, anonymous show is cacheable and byte-identical (across passing/silver/gold/baseline/ permissions), logged-in and carried-over-flash requests bypass the cache, the CSRF meta tag is gated on login, redirects are not cached, and the show response carries the project surrogate key for purging. Fastly configuration (Change 3) and the static-page caching (Section 10) are out of scope for this commit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2858 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 79 79
Lines 4326 4331 +5
=========================================
+ Hits 4326 4331 +5 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.