CSRF token and caching

Dridi Boukelmoune dridi at varni.sh
Wed May 25 12:52:00 CEST 2016


On Wed, May 25, 2016 at 12:38 PM, Pinakee BIswas <pinakee at waltzz.com> wrote:
> Hi Dridi,
>
> Thanks for your response.
>
> For example, ours is an ecommerce site and this is a Product details page.
> This page contains the details about a product, product images (which is
> common for all users/visitors) and a form to add the product to cart. It
> would be great to cache the all the portions of the page that contains the
> product details (except the one with the form to add to cart). This page is
> a heavily visited page and hence, caching would help in improving the
> throughput.

If you want to partially cache the page, then the Cache-Control
solution is definitely counter-productive.

I can't help you there but I can at least mention things that come to mind:
- put the form in an ESI fragment
- put the form in an iframe
- retrieve the form using javascript

Cheers



More information about the varnish-misc mailing list