-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent caching issues #1776
Comments
That's the one! |
Added query parameters in #1782. This is not a complete solution to this issue though. If that is the solution to go for at the very least we should have a script that updates those value for every new release. |
Note that we don't want to leak the exact version number. So one solution could be to generate a random hash when first starting a new version, storing it, and using that. Or just generate a new hash every time the server restarts as having one cache miss after a server restart is not a big issue. This would result in different values for worker threads. Alternatively we could store the value to have it be the same for all worker threads but not really a necessity. Having a new value on every restart would also help during development when the file is being changed. |
That feels very close to security-through-obscurity, which generally gives a false sense of server security. I can't think of a good reason to work to avoid "leaking" the version number if it's trivially discoverable through something like an HTML |
It's not that the security of the server depends on it, but if we can do it like that without extra hassle we might as well do it like that. Server administrators can know the version of their server and due to the nature of the server it is always possible to add a small component to expose the version through a header if that is preferred. |
Description
Some issues popped up in #1757 which were caused by the
util.js
being cached in the browser. We should prevent this when updating the contents. Some solutions:util.js
to add a query/hash parameter to the link containing a version number so it gets updated after every release. We would need some system in place to not forget doing this. It also has the issue that if the root of the server is a static page, that one might also need to be refreshed after a release.Related to this: the account pages themselves are currently not sending out cache-related headers. We might want to look into doing something with those as well.
The text was updated successfully, but these errors were encountered: