search

patrickdemooij9 / SeoToolkit.Umbraco

SeoToolkit is a SEO package for Umbraco 9, 10, 11, 12 & 13. This package features most functionalities needed for your SEO needs like meta fields, sitemap, robots.txt and much more.
MIT License
38 stars 28 forks source link

Script Manager Output Caching #291

Closed whitter closed 1 month ago

whitter commented 2 months ago

The current caching of the Script Manager view output is causing issues when mixed with CSP Manager.

So for instance when wanting to apply CSP nonce for Google Tag Manger we would create a custom view to override the default GTM HeadBottom.cshtml view from Script Manager to added the extra bit of JS to configure the nonce.

When using CSP Manager this nonce creation is handled with a tag helper so when end up with a view template like this:

@model string
<!-- Google Tag Manager -->
<script csp-manager-add-nonce="true">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;var n=d.querySelector('[nonce]');
        n&&j.setAttribute('nonce',n.nonce||n.getAttribute('nonce'));f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','@Model');</script>
<!-- End Google Tag Manager -->

CSP Manager will then keep track of the creation of nonce on the HttpContext and its middleware will output the CSP response headers based on the state of the data in the context. With the caching of the view output in Script Manager, subsequent request do not create the context data that CSP Manager expects and no nonce is output in the CSP header.

Based on my understanding of the Script Manager code the caching could be removed (or toggled on/off with a setting) with no detrimental affect.

patrickdemooij9 commented 2 months ago

Hi @whitter

Thanks for the report, though I am not sure if removing the cache would fix your issue here. I think only the output of the scripts are cached, not the whole view. So if you are overwriting the HeadBottom.cshtml your code shouldn't be cached.

But those are just my initial thoughts, I'll try to reproduce this myself and see if I can find a fix for it :)

whitter commented 1 month ago

Hi @patrickdemooij9,

Just calling in to see if you had a chance to reproduce the above and see if you need anymore information.

patrickdemooij9 commented 1 month ago

Hi @whitter Sorry for the late reply, been quite busy with the Umbraco 14 version. I was able to reproduce this issue and it was indeed caused by the caching. I've added a new property to disable the caching for the rendering, which should fix your issue. I am hoping to get this released with a new version in the coming weeks.

Thank you for the report!