CSRF token and caching

Pinakee BIswas pinakee at waltzz.com
Wed May 25 12:38:12 CEST 2016


Hi Dridi,

Thanks for your response.

For example, ours is an ecommerce site and this is a Product details 
page. This page contains the details about a product, product images 
(which are common for all users/visitors) and a form to add the product 
to cart. It would be great to cache all the portions of the page 
that contain the product details (except the one with the form to add 
to cart). This page is a heavily visited page and hence, caching would 
help in improving the throughput.

Thanks,

Pinakee

On 25/05/16 3:53 pm, Dridi Boukelmoune wrote:
> On Wed, May 25, 2016 at 11:02 AM, Pinakee BIswas <pinakee at waltzz.com> wrote:
>> Hi,
>>
>> Our backend uses CSRF tokens for form posts. For pages with forms, if
>> Varnish caching is enabled for such pages, form post is failing due to CSRF
>> error. Is there a way to handle this? I have been reading that using ESI is
>> a solution.
>>
>> Would really appreciate if someone could help with the above.
> IIUC a client may GET a page that contains tokens for a later POST, and
> such pages should not be cached by Varnish.
>
> The solution would then be to have your backend add
> Cache-Control:private when responses target specific clients.
>
> Dridi
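
The failure described in this thread and the ESI split asked about, as an added example that is not from the thread or from Varnish itself: a toy shared cache that honours `Cache-Control: private` and expands `<esi:include>` on delivery. The paths, session names, HMAC-based token scheme and the `SharedCache` class are all assumptions made for the illustration.

```python
import hashlib, hmac, re, secrets

SECRET = secrets.token_bytes(32)  # constructed backend key

def csrf_token(session):
    """Per-session CSRF token (HMAC of the session id); assumed scheme."""
    return hmac.new(SECRET, session.encode(), hashlib.sha256).hexdigest()

def backend(path, session):
    """Constructed backend: returns (headers, body) for three hypothetical URLs."""
    form = f'<form method="post"><input name="csrf" value="{csrf_token(session)}"></form>'
    if path == "/product/1":        # whole page with the form inlined, no cache header
        return {}, "<h1>Product 1</h1>" + form
    if path == "/esi/product/1":    # cacheable shell; the form is pulled in via ESI
        return {}, '<h1>Product 1</h1><esi:include src="/cart-form"/>'
    if path == "/cart-form":        # per-client fragment, marked private
        return {"Cache-Control": "private"}, form
    raise KeyError(path)

class SharedCache:
    """Toy shared cache keyed by URL; not Varnish, only the behaviour discussed."""
    def __init__(self):
        self.store, self.hits = {}, 0

    def fetch(self, path, session):
        if path in self.store:
            self.hits += 1
            body = self.store[path]
        else:
            headers, body = backend(path, session)
            if "private" not in headers.get("Cache-Control", ""):
                self.store[path] = body
        # ESI is expanded at delivery time, so each fragment is resolved per request
        return re.sub(r'<esi:include src="([^"]+)"/>',
                      lambda m: self.fetch(m.group(1), session), body)

def post_accepted(page, session):
    """Backend-side CSRF check on the token embedded in the delivered page."""
    token = re.search(r'name="csrf" value="([0-9a-f]+)"', page).group(1)
    return hmac.compare_digest(token, csrf_token(session))
```

With the whole page cached, the second visitor is served the first visitor's token and the POST is rejected; with the shell cached and the form fragment private, the product details come from cache while every visitor gets their own token.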




More information about the varnish-misc mailing list