Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serve more static files from nginx #2384

Merged
merged 1 commit into from
Apr 3, 2020
Merged

Serve more static files from nginx #2384

merged 1 commit into from
Apr 3, 2020

Conversation

jtgeibel
Copy link
Member

@jtgeibel jtgeibel commented Apr 2, 2020

Serve more folders containing files with hashed filenames directly from
nginx with a max expiration date. Additionally, some unhashed static
files are allowed to be cached for up to 1 day.

These changes serve as a workaround for an authentication issue.
Currently conduit-cookie includes a Set-Cookie header in every
backend response. During the authentication steps, the popup window
requests static assets such as favicon.ico and cargo-{hash}.png.
If these assets are served by the backend, they will echo whatever
cookie was sent in the request. Therefore, there is a race between the
request to /api/private/session/authorize?... and requests for these
static assets. If a request for one of these assets is sent before
authorization is complete and the response arrives after successful
authorization, then the stale cookie will be stored again by the
browser, overwriting the contents.

I've opened conduit-rust/conduit-cookie#12 to track the progress of the
proposed long-term solution. This commit should be sufficient to fix
the behavior for now and should reduce the number of requests for these
static assets (due to improved caching).

Closes #2252
r? @carols10cents

@jtgeibel
Serve more static files from nginx
45c7511 
Serve more folders containing files with hashed filenames directly from
nginx with a max expiration date.  Additionally, some unhashed static
files are allowed to be cached for up to 1 day.

These changes serve as a workaround for an authentication issue.
Currently `conduit-cookie` includes a `Set-Cookie` header in every
backend response.  During the authentication steps, the popup window
requests static assets such as `favicon.ico` and `cargo-{hash}.png`.
If these assets are served by the backend, they will echo whatever
cookie was sent in the request.  Therefore, there is a race between the
request to `/api/private/session/authorize?...` and requests for these
static assets.  If a request for one of these assets is sent before
authorization is complete and the response arrives after successful
authorization, then the stale cookie will be stored again by the
browser, overwriting the contents.

I've opened conduit-rust/conduit-cookie#12 to track the progress of the
proposed long-term solution.  This commit should be sufficient to fix
the behavior for now and should reduce the number of requests for these
static assets (due to improved caching).

Closes rust-lang#2252
r? @carols10cents
@Turbo87
Copy link
Member

Turbo87 commented Apr 2, 2020

wow... how on earth did you figure that one out?! 😱

@jtgeibel
Copy link
Member Author

jtgeibel commented Apr 3, 2020

Yeah, this took a lot of time to track down! Every time I thought I had reproduction steps or saw a pattern, everything would start working again. I tried all sorts of things like: reloading the page at different points, deleting the cookie as if it had expired, adding extra cookies, and even manually setting isLoggedIn to 1 in local storage. I couldn't reproduce it locally at all (maybe the timing over loopback is too consistent), but had probably a 15% failure rate in staging. Eventually I determined that the trigger was probably random, or at least independent of any of my steps, but there were oh many false leads.

I couldn't find a way to use the developer tools within the short-lived popup window, so I eventually took a closer look at the staging logs. The extra requests to favicon.ico stood out just enough to draw my interest. To confirm my suspicious I used the recently added logging metadata (needing to open #2383 along the way) to log the session data before and after the handler, and deployed that to staging. After several retries I hit the failure again and was able to observe the cookie values sent and confirm they were different from the successful sequences.

@carols10cents
Copy link
Member

Whew! lgtm! Great work tracking this down! ❤️

@bors r+

@bors
Copy link
Contributor

bors commented Apr 3, 2020

📌 Commit 45c7511 has been approved by carols10cents

@bors
Copy link
Contributor

bors commented Apr 3, 2020

⌛ Testing commit 45c7511 with merge 9be7706...

@bors
Copy link
Contributor

bors commented Apr 3, 2020

☀️ Test successful - checks-travis
Approved by: carols10cents
Pushing 9be7706 to master...

@bors bors merged commit 9be7706 into rust-lang:master Apr 3, 2020
@jtgeibel jtgeibel deleted the server-more-static-assets-from-nginx branch May 3, 2020 01:04
@jtgeibel jtgeibel mentioned this pull request May 3, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@carols10cents carols10cents

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error accessing dashboard
5 participants
@jtgeibel @Turbo87 @carols10cents @bors @rust-highfive