Full page cache (FastCGI or other) configurations with CSRF compatibility

N

Noma

Member
Licensed customer
There seems to some conversations about full page caching here but it's mostly years old and the solutions don't seem to work anymore. Has anyone been able to implement a full page caching with FastCGI, Varnish or any other similar tool for non-logged-in users so that it wouldn't break the CSRF handling? All the AJAX requests including the login form are failing with just basic cache configs.

It would save a lot of processing power and server loads if this could be implemented. Thanks in advance if someone has the solution!
 
Sort by date Sort by votes
rdn said:
Isn't it enough to just skip caching if the cookie "xf_session" is present and only cache GET requests?
Click to expand...

It would lead to problems with the CSRF token being cached as well and then all the AJAX features would break, including the login modal.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

eva2000
  • Suggestion Suggestion
Implemented Compatibility for CSRF protection & Cloudflare full HTML page caching
2
Replies
31
Views
5K
Jeremy P
Jeremy P
R
  • Locked
XenForo Forum with Nginx fastcgi_cache full page guest caching
3 4 5
Replies
86
Views
25K
Chris D
Chris D
optimus
Anyone tried to use ngx_cache_purge for full page cache ?
Replies
2
Views
1K
optimus
optimus
Back
Top Bottom