From 45c75113b05f581339fa749eec4c50c91df9878e Mon Sep 17 00:00:00 2001
From: Justin Geibel
Date: Thu, 2 Apr 2020 00:21:35 -0400
Subject: [PATCH] Serve more static files from nginx
Serve more folders containing files with hashed filenames directly from nginx with a max expiration date. Additionally, some unhashed static files are allowed to be cached for up to 1 day. These changes serve as a workaround for an authentication issue. Currently `conduit-cookie` includes a `Set-Cookie` header in every backend response. During the authentication steps, the popup window requests static assets such as `favicon.ico` and `cargo-{hash}.png`. If these assets are served by the backend, they will echo whatever cookie was sent in the request. Therefore, there is a race between the request to `/api/private/session/authorize?...` and requests for these static assets. If a request for one of these assets is sent before authorization is complete and the response arrives after successful authorization, then the stale cookie will be stored again by the browser, overwriting the contents. I've opened conduit-rust/conduit-cookie#12 to track the progress of the proposed long-term solution. This commit should be sufficient to fix the behavior for now and should reduce the number of requests for these static assets (due to improved caching). Closes #2252 r? @carols10cents
---
config/nginx.conf.erb | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index cae7583a38a..f9541b3d1b4 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -132,13 +132,27 @@ http {
 server_name _;
 keepalive_timeout 5;
- location ~ ^/assets/ {
+ location ~ ^/(assets|ember-fetch|moment)/ {
 add_header X-Content-Type-Options nosniff;
 add_header Cache-Control public;
 root dist;
 expires max;
 }
+ location ~ ^/cargo-[0-9a-f]*\.png$ {
+ add_header X-Content-Type-Options nosniff;
+ add_header Cache-Control public;
+ root dist;
+ expires max;
+ }
+
+ location ~ /(favicon\.ico|robots\.txt|opensearch\.xml) {
+ add_header X-Content-Type-Options nosniff;
+ add_header Cache-Control public;
+ root dist;
+ expires 1d;
+ }
+
 add_header X-Content-Type-Options "nosniff";
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
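Review bot: The new `favicon.ico|robots.txt|opensearch.xml` location regex is anchored at neither end, so it matches any URI that merely contains one of those names after a slash (for example a deeper path ending in `/robots.txt`, or `/favicon.ico/anything`) and diverts that request to `root dist` with a 1-day public cache instead of letting it reach the backend; the other two location regexes in this hunk are anchored with `^`, and this one should be too: `location ~ ^/(favicon\.ico|robots\.txt|opensearch\.xml)$ {`. The `cargo-[0-9a-f]*\.png` pattern accepts zero hex digits (`/cargo-.png`); `[0-9a-f]+` matches the commit's stated intent of hashed filenames. Note also that, as with the pre-existing `/assets/` block, `add_header` inside a location replaces the server-level `add_header` set, so the `X-Frame-Options` and `X-XSS-Protection` headers at the end of the hunk are not emitted for these static responses — acceptable for images and text files, but worth a one-line comment above the blocks so nobody later serves HTML from them. The enclosing `server` block starts and ends outside the hunk.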