Skip to content

Commit

Permalink
Set max-age=0 for all resources, except those with lastmod parameter
Browse files Browse the repository at this point in the history 
Fixes iftechfoundation#64.

Setting max-age=0 ensures that we'll always return fresh HTML content.

This won't blow out our bandwidth, because browsers/nginx/Cloudflare will still do conditional `GET` requests, which we'll respond with a cheap, fast "304 Not Modified" response in most cases.

For subresources on on the subdomain, we already redirect them to the main domain, but now, we redirect them with a `?lastmod=###` parameter. URLs with that parameter can have a week-long max-age, because if they change, we'll switch to a different URL.
  • Loading branch information
@dfabulich
dfabulich committed Sep 6, 2024
1 parent 13b71e7 commit 62071a6
Showing 1 changed file with 34 additions and 38 deletions.
72 changes: 34 additions & 38 deletions app/src/app.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,39 +65,6 @@ export default class UnboxApp {
}
})

// Redirect to subdomains
if (options.subdomains) {
this.app.subdomainOffset = domain.split('.').length
this.app.use(async (ctx, next) => {
const path = ctx.path
const subdomain_count = ctx.subdomains.length

// Too many subdomains
if (subdomain_count > 1) {
ctx.throw(400, 'Too many subdomains')
}

// Safe file on non-subdomain
if (subdomain_count === 1 && !UNSAFE_FILES.test(path)) {
ctx.status = 301
ctx.redirect(`//${domain}${path}`)
return
}

// Unsafe file on main domain
if (subdomain_count === 0 && UNSAFE_FILES.test(path)) {
const path_parts = PATH_PARTS.exec(path)
if (path_parts) {
ctx.status = 301
ctx.redirect(`//${path_parts[1]}.${domain}${path}`)
return
}
}

await next()
})
}

// Serve a proxy.pac file
if (domain && options.serve_proxy_pac) {
this.app.use(async (ctx, next) => {
Expand Down Expand Up @@ -130,8 +97,7 @@ export default class UnboxApp {
// Solve CORS issues
ctx.set('Access-Control-Allow-Origin', '*')

// Cache this please
ctx.set('Cache-Control', `max-age=${this.options['cache-control-age']}`)
ctx.set('Cache-Control', `max-age=0`)

// Front page
if (request_path === '/') {
Expand Down Expand Up @@ -319,6 +285,8 @@ export default class UnboxApp {
}

// Trying to load a file from a zip


const path_parts = PATH_PARTS.exec(request_path)
if (!path_parts) {
ctx.throw(400, 'This is not a valid file')
Expand Down Expand Up @@ -356,9 +324,37 @@ export default class UnboxApp {
file_path = details.normalised_paths[file_path]
}

// Check for non-matching subdomain
if (this.options.subdomains && UNSAFE_FILES.test(file_path) && !ctx.hostname.startsWith(hash)) {
ctx.throw(400, `Incorrect subdomain`)
// Redirect to subdomains
if (this.options.subdomains) {
const path = ctx.path
const subdomain_count = ctx.host.split(".").length - this.options.domain.split(".").length

Check failure on line 330 in app/src/app.js

View workflow job for this annotation

GitHub Actions / lint 

Strings must use singlequote

Check failure on line 330 in app/src/app.js

View workflow job for this annotation

GitHub Actions / lint 

Strings must use singlequote

// Too many subdomains
if (subdomain_count > 1) {
ctx.throw(400, 'Too many subdomains')
}

// Safe file on non-subdomain
if (subdomain_count === 1 && !UNSAFE_FILES.test(path)) {
ctx.status = 302
ctx.redirect(`//${this.options.domain}${path}?lastmod=${details.date}`)
return
}

// Unsafe file on main domain
if (subdomain_count === 0 && UNSAFE_FILES.test(path)) {
const path_parts = PATH_PARTS.exec(path)
if (path_parts) {
ctx.status = 301
ctx.redirect(`//${path_parts[1]}.${this.options.domain}${path}`)
return
}
}
}

if ('hash' in query) {
// Cache this please
ctx.set('Cache-Control', `max-age=${this.options['cache-control-age']}`)
}

// Send and check the Last-Modified/If-Modified-Since headers
Expand Down

0 comments on commit 62071a6

Please sign in to comment.