department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

Add no-cache header to remaining FE assets #8560

Closed rianfowler closed 4 years ago

rianfowler commented 4 years ago

Overview

rianfowler commented 4 years ago

We updated the S3 bucket to return the correct cache-control header. I've verified this in production.

Todos remaining:

jenniferlee-dsva commented 4 years ago

Hello - just adding info - this behavior is happening on other pages and other REACT widgets. Per this Slack thread - screenshot in thread (unable to upload image to GitHub on VA network): https://dsva.slack.com/archives/C52CL1PKQ/p1588199060139500?thread_ts=1588107241.103100&cid=C52CL1PKQ

REACT widgets on other benefit pages having same situation. Such as:

How to file a claim: https://www.va.gov/disability/how-to-file-claim/
Disability ratings calculator: https://www.va.gov/disability/about-disability-ratings/

(Chrome) [two screenshots: image.png, image.png]

jbalboni commented 4 years ago

Just wanted to add on to what @jenniferlee-dsva was saying, we also see this on https://www.va.gov/health-care/schedule-view-va-appointments/.

I can see that the vendor bundle cache control headers were updated, but it looks like widgets are still missing the no-cache header:

[Screenshot: Screen Shot 2020-04-30 at 9 58 38 AM]

rianfowler commented 4 years ago

This should be fixed now. Let me know if you continue to see issues.

karlbrown-va commented 4 years ago

@rianfowler we've seen an issue with the chatbot today that we suspect has something to do with caching. Can you look at the chatbot widget and see if anything has changed, or needs to?

https://github.com/department-of-veterans-affairs/vets-website/tree/master/src/applications/coronavirus-chatbot

karlbrown-va commented 4 years ago

For example this widget doesn't have the no-cache header: https://www.va.gov/generated/cta-widget.entry.69da6eef86d62b0c0a82-1588355679784.js nor an ETag

Same with this one: https://www.va.gov/generated/chatbot.entry.3681a6dc8d6bbaee34c7-1588355679784.js

mchelen-gov commented 4 years ago

Hi @rianfowler to follow up can you confirm this is the proper behavior? Tested today on https://www.va.gov/coronavirus-chatbot/ with clean cache / hard reload, these script assets are returned with the following response headers:

https://www.va.gov/coronavirus-chatbot/

HTTP/1.1 200 OK
Date: Mon, 04 May 2020 15:40:45 GMT
Content-Type: text/html
Connection: keep-alive
x-amz-id-2: IEbVelGJLAl0d6XYK3h+eDOC1vuwilIVrMgw6d0jmd9vx04nPLRsfMe5nCJ8XvDWq3Qlh0x4rT8=
x-amz-request-id: 589E669B20DA3A0F
Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-inline' 'nonce-yWSaywTwN7yd70A9UW32jKgdhivjlFU7' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://cdn.botframework.com nonce-yWSaywTwN7yd70A9UW32jKgdhivjlFU7; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com 
https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ;  report-uri /csp-report
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; report=/csp-report
Content-Encoding: gzip
Set-Cookie: TS016f4012=01c16e2d817d1e90f43838f447df0d4ab4700a72f95a47cd75d9ecd7abff5a2a78b7677952e5a5d0506f1f52558917ce0f3039e560; Max-Age=900; Path=/
Transfer-Encoding: chunked

https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com/generated/static-pages.entry.7cf88bfdbe7ccc1d61a2-1588364859777.js

HTTP/1.1 200 OK
x-amz-id-2: Y7GUCuQvLX80IMzZBB7dwJg/Y8qKf2Gax4w+LGTkPSp+y15/JX0X/WljbPjHlTxRocbf+pUHkTQ=
x-amz-request-id: 8F2EEEC84F3BF049
Date: Mon, 04 May 2020 15:40:48 GMT
Last-Modified: Sat, 02 May 2020 05:10:38 GMT
ETag: "e1457325ced591395f6cd6682c70c250"
Cache-Control: public, no-cache
Content-Encoding: gzip
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 150029
Server: AmazonS3

https://www.va.gov/generated/chatbot.entry.3681a6dc8d6bbaee34c7-1588364859777.js

HTTP/1.1 200 OK
Date: Mon, 04 May 2020 15:40:48 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: openresty
x-amz-id-2: 4tFP0zMc2GjfHkPrjK5Fpn+4CMD+O8PnJLmvQCoASivhyo+ilTbBEZo2RzyytVCKkIaCql3qBtM=
x-amz-request-id: 65FDA75854336063
Expires: Tue, 04 May 2021 15:40:48 GMT
Cache-Control: max-age=31536000
Cache-Control: public
Content-Encoding: gzip

karlbrown-va commented 4 years ago

I think in the case of content with hashes in the filename, max-age=31536000 is reasonable, b/c if the content changes it should get a new hash. It is strange that the static-pages-entry page has no-cache directive set.
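
As an added example (not part of the thread and not va.gov project code), the comparison made by eye in the comments above can be scripted: merge repeated Cache-Control lines, decide whether the file name is fingerprinted, and flag policies that can serve stale code. The hash pattern and the third sample are assumptions; the other header values are the ones quoted above.

```javascript
// Added example (not va.gov project code). Header values are the ones quoted in
// this thread, except the third sample, which is constructed. Assumption: a
// fingerprinted asset has a long hex content hash in its file name.
const HASHED = /\.[0-9a-f]{16,}(-\d+)?\.\w+$/;

// Parse a raw header block; repeated fields are joined with ", " as HTTP allows.
function parseHeaders(raw) {
  const headers = Object.create(null);
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i <= 0) continue; // status line or blank
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }
  return headers;
}

// Cache-Control -> directive map, e.g. { public: true, 'max-age': '31536000' }.
function cacheDirectives(headers) {
  const out = Object.create(null);
  for (const part of (headers['cache-control'] || '').split(',')) {
    const [key, value] = part.trim().split('=');
    if (key) out[key.toLowerCase()] = value === undefined ? true : value;
  }
  return out;
}

function auditAsset(url, raw) {
  const h = parseHeaders(raw);
  const cc = cacheDirectives(h);
  const hashed = HASHED.test(new URL(url).pathname);
  const noStore = cc['no-store'] === true;
  const revalidates = noStore || cc['no-cache'] === true || cc['max-age'] === '0';
  const hasValidator = 'etag' in h || 'last-modified' in h;
  const findings = [];
  if (!hashed && !revalidates) findings.push('unhashed file can be served stale after a deploy');
  if (revalidates && !noStore && !hasValidator) findings.push('no-cache without ETag/Last-Modified forces a full download');
  if (!revalidates && !('max-age' in cc) && !('expires' in h)) findings.push('no explicit freshness, caches will guess');
  return { hashed, revalidates, hasValidator, directives: cc, findings };
}

const S3_URL = 'https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com/generated/static-pages.entry.7cf88bfdbe7ccc1d61a2-1588364859777.js';
const S3_RAW = 'HTTP/1.1 200 OK\nETag: "e1457325ced591395f6cd6682c70c250"\nCache-Control: public, no-cache';
const PROXY_URL = 'https://www.va.gov/generated/chatbot.entry.3681a6dc8d6bbaee34c7-1588364859777.js';
const PROXY_RAW = 'HTTP/1.1 200 OK\nExpires: Tue, 04 May 2021 15:40:48 GMT\nCache-Control: max-age=31536000\nCache-Control: public';
const BARE_URL = 'https://example.test/generated/widget.entry.js'; // constructed sample
const BARE_RAW = 'HTTP/1.1 200 OK\nContent-Type: text/javascript';
for (const [u, r] of [[S3_URL, S3_RAW], [PROXY_URL, PROXY_RAW], [BARE_URL, BARE_RAW]]) console.log(u.split('/').pop(), auditAsset(u, r));
```

Both responses quoted in the thread come back with no findings: one revalidates against its ETag, the other is a fingerprinted file with a year-long max-age. Only the constructed unhashed sample is flagged.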

rianfowler commented 4 years ago

I think the bug portion of this has been resolved. ~I added a dependency to this ticket.~