Skip to content

Cdn cache unlogged#2858

Merged
david-a-wheeler merged 3 commits into
mainfrom
cdn_cache_unlogged
Jun 26, 2026
Merged

Cdn cache unlogged#2858
david-a-wheeler merged 3 commits into
mainfrom
cdn_cache_unlogged

Conversation

@david-a-wheeler

Copy link
Copy Markdown
Collaborator

No description provided.

david-a-wheeler and others added 3 commits June 25, 2026 21:05
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Record the design for extending anonymous CDN caching beyond projects#show
to static-after-startup pages (home, cookies, criteria_discussion,
criteria_stats, criteria index/show) in docs/cdn-cache-not-logged-in.md.

This is documentation only; the implementation will happen on a separate
branch after the project-show caching ships, since it reuses Change 1
(conditional CSRF meta tag) and Change 3 (Fastly cookie-bypass rule).

Key decisions captured:
- Qualifying criterion: whole-body cache_frozen [locale], no mutable-DB data.
- One shared MISCELLANEOUS surrogate key (avoids a purge_all that would evict
  the project-show, JSON, and badge caches).
- Invalidation via boot-time purge + delayed re-purge, reusing the existing
  PurgeCdnProjectJob (which already purges an arbitrary key) triggered from
  Puma's on_booted hook; chosen over a new deploy-pipeline hook.
- No new Fastly config; tests reuse the CdnCachingTest harness.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Implement the main plan in docs/cdn-cache-not-logged-in.md (Sections 1-9).
Let the CDN serve cached "project show" HTML to anonymous visitors while
never serving cached content to logged-in or otherwise personalized users.

Our system is constantly pinged-on by various web spiders.
By increasing our use of the CDN cache in cases where we have
anonymous requests, we should have far fewer requests that
our server has to address directly.

Changes:

* Gate csrf_meta_tags on logged_in? so anonymous read-only pages no longer
  write session[:_csrf_token] and thus emit no gratuitous _BadgeApp_session
  cookie -- making "session cookie present" a precise do-not-cache signal.

* In projects#show, bail out with `return if performed?` right after
  redirect_obsolete_section_names so a redirect never gets page-cache headers
  (this also fixes a latent over-cache of the obsolete-section 301 in the
  existing :md path). Replace the markdown-only cache line with a new
  cache_on_cdn_if_safe helper that caches :md always and :html only when
  anonymous, flash-free, and the CACHE_SHOW_PROJECT kill switch is on.

* Suppress the per-request authenticity_token on the four view-only criteria
  forms (_form_0/1/2/baseline). These forms are display-only and never
  submitted, so the token was useless and its random masking broke the
  byte-identical invariant the shared CDN cache relies on.

* Update project_get_test's anonymous Cache-Control assertion to no-store.

* Add test/integration/cdn_caching_test.rb covering the security-critical
  invariants: no session cookie on anonymous reads, anonymous show is
  cacheable and byte-identical (across passing/silver/gold/baseline/
  permissions), logged-in and carried-over-flash requests bypass the cache,
  the CSRF meta tag is gated on login, redirects are not cached, and the
  show response carries the project surrogate key for purging.

Fastly configuration (Change 3) and the static-page caching (Section 10)
are out of scope for this commit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
@codecov

codecov Bot commented Jun 26, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b742504) to head (3c82ebd).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #2858   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           79        79           
  Lines         4326      4331    +5     
=========================================
+ Hits          4326      4331    +5     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@david-a-wheeler david-a-wheeler merged commit 27bb73a into main Jun 26, 2026
8 checks passed
@david-a-wheeler david-a-wheeler deleted the cdn_cache_unlogged branch June 26, 2026 02:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant