Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set no-cache headers for health check endpoint #16364

Closed
wants to merge 1 commit into from
Closed

Set no-cache headers for health check endpoint #16364

wants to merge 1 commit into from

Conversation

jamesmacwhite
Copy link
Contributor

Description

Currently with static caching in use, the health check endpoint response can be cached when using GET and return a 304 response by a client. This occurs on Craft Cloud, but possible also with other static caching solutions i.e. Blitz.

This sets $this->response->setNoCacheHeaders(); in the action controller to prevent this from happening.

brandonkelly pushed a commit that referenced this pull request Dec 30, 2024
@jamesmacwhite @brandonkelly
Set no-cache headers for health check endpoint
ae59346 
Resolves #16364
@brandonkelly
Copy link
Member

Thanks for the PR! I’ve cherry-picked it for the upcoming 4.14 and 5.6 releases (ae59346).

I’ve also brought this up with the Cloud team – we probably should not ever be statically caching URIs that begin with actions/ (or whatever the actionTrigger is set to).

@jamesmacwhite
Copy link
Contributor Author

jamesmacwhite commented Dec 30, 2024
edited
Loading

@brandonkelly Thanks!

I did add a discussion on the Craft Cloud GitHub as well about it for reference: craftcms/cloud#54, I raised it here as ultimately it probably needs enforcing regardless, given the health check endpoint needs to always test the Craft CMS application readiness state and should never be a cached result.

I think certainly certain actions shouldn't ever be cached, but there is some benefit to static caching for front end controllers, particularly if they serve large data i.e. from an element query or similar. E.g. a current use case of ours we generate an XML response through a controller rather than Twig, this gets statically cached and because it involves a decent amount of entries and fields, this is a good thing, even with eager loading, it is wasteful running that query each time.

When you have direct access to the controller you can of course set the no cache headers yourself when dealing with GET requests, the issue is other controllers outside of your namespace, which you can technically influence through Yii events still, or switch to POST requests which are never statically cached, but then you'd have to get a CSRF token each time or turn it off, which again you can do through Yii events (if not your controller namespace), but yeah I guess certain action paths should never be cached.

Thanks for cherry-picking the PR!

@brandonkelly
Copy link
Member

I went ahead and made all action requests get no-cache headers by default, because in general I think that‘s probably the expected behavior. Individual controllers/actions can override that behavior though, via $this->response->setCacheHeaders().

@jamesmacwhite
Copy link
Contributor Author

Opting in is probably the safest across all the various scenarios.

It might be worth discussing internally with the Craft Cloud team because it will remove some automatic caching happening in places. The documentation about static caching will need amending for the next Craft CMS 4 and 5 releases around the switch to opting in.

https://craftcms.com/knowledge-base/cloud-static-caching

@brandonkelly
Copy link
Member

Craft 4.14.0 and 5.6.0 is out with that change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jamesmacwhite @brandonkelly