
CSP header not sent when cache hit

Open MrTschi opened this issue 2 years ago • 5 comments

For cache-HITs, the Content-Security-Policy header is not returned to the viewer.

MrTschi avatar Aug 24 '23 20:08 MrTschi

Hi @MrTschi. If Magento sent this header, we are storing the headers. Please do a var_dump() of content["header"] or something like that and check the headers stored by Magento.

Genaker avatar Aug 24 '23 21:08 Genaker

Check this: https://github.com/Genaker/FastFPC/blob/main/Mage/FPC/FPC.php#L131-L135. You probably have some specific issue.


Genaker avatar Aug 24 '23 21:08 Genaker

Yes, but it seems like the CSP header is not saved in Redis. I investigated a bit and it seems like redis-FPC is saved before CSP headers are set.

You could say it's a Magento bug, but with Varnish it would work. Any idea how to fix this?

MrTschi avatar Aug 26 '23 08:08 MrTschi

You need to fix this bug ;) I know how to fix it.

But you can hard code all your headers. Before echo $content:

Or you can set them in Nginx, etc.


Genaker avatar Aug 26 '23 17:08 Genaker
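
The workaround suggested in the comment above (send the missing headers on the cache-hit path before `echo $content`), written out as an added example; it is not part of the thread and not FastFPC's own code. The cache-entry layout (a `header` list of "Name: value" lines and a `content` body), the function name `headersForCacheHit` and the fallback policy string are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed placeholder policy: replace with the policy your store actually needs.
const FALLBACK_CSP = "default-src 'self'; frame-ancestors 'self'";

// Hypothetical helper: returns the header lines to send for a cache hit.
// Stored lines are replayed; the fallback CSP is added only if none was stored.
function headersForCacheHit(array $storedHeaders, string $fallbackCsp): array
{
    $out = [];
    $hasCsp = false;
    foreach ($storedHeaders as $line) {
        // Skip malformed lines and anything containing CR/LF (header splitting).
        if (!is_string($line) || preg_match('/[\r\n]/', $line) || strpos($line, ':') === false) {
            continue;
        }
        $name = strtolower(trim(strstr($line, ':', true)));
        // Content-Security-Policy-Report-Only enforces nothing, so it does not count.
        if ($name === 'content-security-policy') {
            $hasCsp = true;
        }
        $out[] = $line;
    }
    if (!$hasCsp) {
        $out[] = 'Content-Security-Policy: ' . $fallbackCsp;
    }
    return $out;
}

// Constructed sample entry: the page was cached before the CSP header was set.
$entry = [
    'header'  => ['Content-Type: text/html; charset=UTF-8', 'X-Frame-Options: SAMEORIGIN'],
    'content' => '<html><body>cached page</body></html>',
];

$cli = PHP_SAPI === 'cli';
foreach (headersForCacheHit($entry['header'], FALLBACK_CSP) as $line) {
    if ($cli) {
        echo $line, PHP_EOL;      // CLI run: show what would be sent
    } else {
        header($line, false);     // append; do not replace same-name headers
    }
}
echo $cli ? PHP_EOL : '', $entry['content'], $cli ? PHP_EOL : '';
```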

> Yes, but it seems like the CSP header is not saved in Redis. I investigated a bit and it seems like redis-FPC is saved before CSP headers are set.
>
> You could say it's a Magento bug, but with Varnish it would work. Any idea how to fix this?

It is an open Magento issue: Some guys told me you need to set the Magento mode to production. I haven't tested it. https://github.com/magento/magento2/issues/37924

YehorShytikovWB avatar Aug 27 '23 02:08 YehorShytikovWB