Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: static files served with different vary headers #26532

Merged
merged 1 commit into from
Nov 29, 2024
Merged

fix: static files served with different vary headers #26532

merged 1 commit into from
Nov 29, 2024

Conversation

pauldambra
Copy link
Member

@pauldambra pauldambra commented Nov 29, 2024
edited
Loading

when using internal-t posthog route (which i think is just PostHog and managed reverse proxy)

going backwards and forwards between us.posthog.com and posthog.com I get a CORS error

Screenshot 2024-11-28 at 23 10 20 Screenshot 2024-11-28 at 22 31 08

I believe that because

  • we're sending vary: accept-encoding
  • the browser is caching the static file on one domain,
  • then re-using it on the next
  • _and reusing the header access-control-allow-origin: https://posthog.com
  • the browser re-uses the cached response and headers which makes it invalid

the default headers from whitenoise are https://github.com/evansd/whitenoise/blob/b3d250fd17da0e280d58b6dc4935c4573ebe8b55/src/whitenoise/responders.py#L170 vary: accept-encoding so it's probably whitenoise adding the vary headers for us (i guess it could be contour or envoy but that feels like it's whitenoise)

NB the real fix here IMO is to send access-control-allow-origin: * but the CorsPostCsrfMiddleware middleware that I think would add the domain specific access-control-allow-origin header in django shouldn't run on these static file requests

I don't think it is since it would add the vary: origin header, so I think the access-control-allow-origin is being added somewhere else in the stack

I don't know where in the stack, so for the time being we can try and add the vary by origin header. this means folk will download the assets more often than they strictly need to but that's better than current

I haven't tested this since whitenoise doesn't serve static assets in DEBUG

@pauldambra pauldambra requested review from a team November 29, 2024 08:35
@pauldambra pauldambra merged commit 68402d1 into master Nov 29, 2024
92 checks passed
@pauldambra pauldambra deleted the fix/static-file-serving branch November 29, 2024 09:13
pauldambra added a commit that referenced this pull request Nov 29, 2024
@pauldambra
Revert "fix: static files served with different vary headers (#26532)"
844005e 
This reverts commit 68402d1.
@pauldambra pauldambra mentioned this pull request Nov 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelKutsch-ph MichaelKutsch-ph MichaelKutsch-ph approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pauldambra @MichaelKutsch-ph