search

Genaker / FastFPC

Magento 2 improved FPC and Varnish replacement was used for Magento SaaS solution when you need high performace and scaling. No more outdated Adobes official Varnish approach is requred
53 stars 11 forks source link

CSP header not sent when cache hit #6

Open MrTschi opened 1 year ago

MrTschi commented 1 year ago

For cache-HITs, the Content-Security-Policy header is not returned to the viewer.

Genaker commented 1 year ago

Hi @MrTschi. If Magento sent this header, We are storing the headers. Please make var_dump() her content["header”] or something like that and check the headers stored by Magento.

Genaker commented 1 year ago

check this: https://github.com/Genaker/FastFPC/blob/main/Mage/FPC/FPC.php#L131-L135 you probably have some specific issue.

On Thu, Aug 24, 2023 at 1:24 PM MrTschi @.***> wrote:

For cache-HITs, the Content-Security-Policy header is not returned to the viewer.

— Reply to this email directly, view it on GitHub https://github.com/Genaker/FastFPC/issues/6, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACGJNZTQITCJPPOZMZOQWC3XW62AVANCNFSM6AAAAAA35RTLVU . You are receiving this because you are subscribed to this thread.Message ID: @.***>

MrTschi commented 1 year ago

Yes, but it seems like the CSP Header is not saved in redis. I investigated a bit and it seems like redis-FPC is saved before CSP Headers are set.

You could say its a magento bug, but with varnish it would work. any idea how to fix this?

Genaker commented 1 year ago

You need to fix this bug ;) I know how to fix.

But you can hard code all you headers. Before echo $content :

Or you can set them in the Nginx. Etc.

On Sat, Aug 26, 2023 at 2:00 AM MrTschi @.***> wrote:

Yes, but it seems like the CSP Header is not saved in redis. I investigated a bit and it seems like redis-FPC is saved before CSP Headers are set.

You could say its a magento bug, but with varnish it would work. any idea how to fix this?

— Reply to this email directly, view it on GitHub https://github.com/Genaker/FastFPC/issues/6#issuecomment-1694234630, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACGJNZT3QSDLMIMOEQ5SVQLXXG3JRANCNFSM6AAAAAA35RTLVU . You are receiving this because you commented.Message ID: @.***>

YehorShytikovWB commented 1 year ago

Yes, but it seems like the CSP Header is not saved in redis. I investigated a bit and it seems like redis-FPC is saved before CSP Headers are set.

You could say its a magento bug, but with varnish it would work. any idea how to fix this? It is Open Magento issue: Some guys told me you need to set magento mode to production. I haven't tested it. https://github.com/magento/magento2/issues/37924