search

openbridge / nginx

NGINX Accelerated! This is a Docker image that creates a high performance (FAST!), optimized image for NGINX for use with Redis and PHP-FMP. Deliver sites and applications with performance, reliability, security, and scale. This NGINX server offers advanced performance, web and mobile acceleration, security controls, application monitoring, and management.
https://www.openbridge.com/
MIT License
233 stars 53 forks source link

What was the reasoning for adding $msec to WP CSS/JS files? #72

Open l3rady opened 5 months ago

l3rady commented 5 months ago

In secure.conf you have this at the bottom of the file.

# Custom sub_filter for specific WordPress assets
location ~* ^/(license.txt|wp-includes/(.*)/.+\.(js|css)|wp-admin/(.*)/.+\.(js|css))$ {
    sub_filter_types text/css text/javascript text/plain;
    sub_filter_once on;
    sub_filter ';' '; /* $msec */ ';
}

Are you able to share your reasoning behind this please? Does it aid in security or is it just there for debugging reasons?

tspicer commented 2 months ago

The main purpose of this configuration is adding timestamps to the end of statements in CSS and JavaScript files. This can be useful for debugging in several ways:

  1. Cache busting: By adding a changing value to the files, it forces browsers to reload the asset instead of using a cached version.
  2. Performance tracking: It allows you to see when each asset was served, which can help identify slow-loading resources.
  3. Version tracking: It provides a way to verify that you're looking at the most recent version of a file when debugging.

While this configuration doesn't directly enhance security, it can indirectly help with debugging security issues by making it easier to track when and how resources are being served.

It is not a required statement