XF 2.2 Disabling Xenforo's cache-control header for better caching?

B

bottiger

Active member
How do I go about disabling this header that xenforo puts on every page?

"cache-control: private, no-cache, max-age=0"

I'd like to be able to set the age for visitor pages so my CDN can cache the page without having to go back to my server to rely on Xenforo's visitor cache. It just isn't as good as cache-control caching and I've noticed my site feels sluggish after the move to xenforo 2 because of this.
 
This isn't fundamentally changed from XF1. Notably, we have always sent the cache control as private which means any shared cache (reverse proxy, Varnish, etc) should absolutely not be saving the output as it is user/request specific. Even in the case of guests that are request-specific values (notably, the CSRF protection).

If you wanted to do some sort of caching outside of XF, you'd need to apply bypasses based on cookies that might indicate the presence of a logged in user or a situation that is using custom things for guests and potentially explicitly white list certain paths so that they're never served from the cache (login and registration being ones that jump out). There might need to be some code changes to try to skip CSRF validation for guests in most cases.
 
Mike said:
This isn't fundamentally changed from XF1. Notably, we have always sent the cache control as private which means any shared cache (reverse proxy, Varnish, etc) should absolutely not be saving the output as it is user/request specific. Even in the case of guests that are request-specific values (notably, the CSRF protection).

If you wanted to do some sort of caching outside of XF, you'd need to apply bypasses based on cookies that might indicate the presence of a logged in user or a situation that is using custom things for guests and potentially explicitly white list certain paths so that they're never served from the cache (login and registration being ones that jump out). There might need to be some code changes to try to skip CSRF validation for guests in most cases.
Click to expand...

Thanks for the reply Mike.

I found out that most of the lack of caching was caused by $config['development']['enabled']. I had the development panel enabled through a plugin in XF1 so I guess it never added those no-cache directives.

I managed to get some visitor caching like this but as you said, there is an issue with visitor CSRF.

PHP: 
    public static function app_pub_complete(\XF\Pub\App $app, \XF\Http\Response &$response)
    {
        $method = $_SERVER['REQUEST_METHOD'];
        if($method != 'GET')
        {
            return;
        }
        $visitor = \XF::visitor();
        $guest = $visitor->user_id == 0;
        if($guest === false)
        {
            return;
        }
        if(count($response->getCookies()) > 0)
        {
            return;
        }

        $response->removeHeader('Expires');
        $response->header('Cache-control', 'public,max-age=5');
    }

I think the more immediate problem for my setup at least is the multiple css and js requests, so I will have to leave the CSRF experiment for another time. I'm kind of surprised there isn't a plugin for this or something already.
 
You must log in or register to reply here.

Similar threads

DeltaHF
Fixed Image Proxy's broken image placeholders should include "no-cache" Cache Control HTTP headers
Replies
1
Views
3K
XF Bug Bot
XF Bug Bot
Brent W
Add-on Cache Control Headers on public attachments
Replies
0
Views
844
Brent W
Brent W
m1ne
Why do I have 2 cache-control headers?
Replies
2
Views
949
m1ne
m1ne
Top Bottom