
New gem: Rack::SteadyETag

Henning Koch, Software engineer at makandra GmbH
December 01, 2021

Rack::SteadyETag is a Rack middleware that generates the same default ETag for responses that only differ in CSRF tokens or CSP nonces.

By default Rails uses Rack::ETag to generate ETag headers by hashing the response body. In theory this would enable caching for multiple requests to the same resource. However, since most Rails application layouts insert randomly rotating CSRF tokens and CSP nonces into the HTML, two requests for the same content and user will never produce the same response bytes. This means the default ETags from Rails will never hit a cache.

Rack::SteadyETag is a drop-in replacement for Rack::ETag. It excludes random content (like CSRF tokens) from the generated ETag, causing two requests for the same content to usually carry the same ETag.
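The idea described above, as an added sketch that is not the gem's own code: it hashes the body once as-is and once with the random values blanked out, and answers a matching `If-None-Match` with 304. The regex patterns, `SteadyETagSketch`, `naive_etag`, `steady_etag` and `sample_page` are assumptions made for this illustration, and the sample HTML is constructed.

```ruby
require "digest"

# Assumed patterns for per-request random values in Rails-style HTML.
# Each keeps the markup (capture 1) and drops only the random value.
VOLATILE = [
  /(<meta\b[^>]*\bname="(?:csrf-token|csp-nonce)"[^>]*\bcontent=")[^"]*/,
  /(<input\b[^>]*\bname="authenticity_token"[^>]*\bvalue=")[^"]*/,
  /(<(?:script|style)\b[^>]*\bnonce=")[^"]*/
].freeze

# Body-hash ETag: changes whenever a token or nonce rotates.
def naive_etag(html)
  %(W/"#{Digest::SHA256.hexdigest(html)[0, 32]}")
end

# Hash the body with the random values blanked out.
def steady_etag(html)
  naive_etag(VOLATILE.reduce(html) { |s, re| s.gsub(re, '\1') })
end

# Minimal Rack-shaped middleware (no rack gem needed): sets the steady
# ETag and answers a matching If-None-Match with 304 and an empty body.
class SteadyETagSketch
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    html = +""
    body.each { |chunk| html << chunk }
    etag = steady_etag(html)
    return [304, { "etag" => etag }, []] if status == 200 && env["HTTP_IF_NONE_MATCH"] == etag
    [status, headers.merge("etag" => etag), [html]]
  end
end

# Constructed sample page: same content, different random values per request.
def sample_page(token, nonce, text = "Hello")
  <<~HTML
    <meta name="csrf-token" content="#{token}" />
    <script nonce="#{nonce}">init()</script>
    <form><input type="hidden" name="authenticity_token" value="#{token}" /></form>
    <p>#{text}</p>
  HTML
end
```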

Posted by Henning Koch to makandra dev (2021-12-01 14:40)