-
Notifications
You must be signed in to change notification settings - Fork 324
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve cache-control response headers on admin content.
- Use stricter "no-store" cache-control headers for the things behind admin logins. - Setup better long-expiration and immutable cache-control headers for the fingerprinted asset files to allow for caching.
- Loading branch information
Showing
5 changed files
with
101 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
require_relative "../test_helper" | ||
|
||
class Test::AdminUi::TestCacheControl < Minitest::Test | ||
include ApiUmbrellaTestHelpers::Setup | ||
parallelize_me! | ||
|
||
def setup | ||
super | ||
setup_server | ||
end | ||
|
||
def test_admin_ui | ||
# Check the admin index.html | ||
response = Typhoeus.get("https://127.0.0.1:9081/admin/", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("text/html", response.headers["Content-Type"]) | ||
assert_equal("no-cache, max-age=0, must-revalidate, no-store", response.headers["Cache-Control"]) | ||
assert_equal("no-cache", response.headers["Pragma"]) | ||
|
||
# Parse the HTML page and find the JS and CSS assets. | ||
doc = Nokogiri::HTML(response.body) | ||
scripts = doc.xpath("//body//script[starts-with(@src, 'assets/')]") | ||
assert_operator(scripts.length, :>=, 1) | ||
stylesheets = doc.xpath("//head//link[starts-with(@href, 'assets/')]") | ||
assert_operator(stylesheets.length, :>=, 1) | ||
|
||
# Ensure that all the linked assets use fingerprinted filenames (for cache | ||
# busting), and return long cache-control headers. | ||
scripts.each do |script| | ||
assert_match(%r{\Aassets/[\w-]+-\w{32}\.js\z}, script[:src]) | ||
|
||
response = Typhoeus.get("https://127.0.0.1:9081/admin/#{script[:src]}", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("application/javascript", response.headers["Content-Type"]) | ||
assert_equal("public, max-age=31536000, immutable", response.headers["Cache-Control"]) | ||
assert_nil(response.headers["Pragma"]) | ||
end | ||
stylesheets.each do |stylesheet| | ||
assert_match(%r{\Aassets/[\w-]+-\w{32}\.css\z}, stylesheet[:href]) | ||
|
||
response = Typhoeus.get("https://127.0.0.1:9081/admin/#{stylesheet[:href]}", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("text/css", response.headers["Content-Type"]) | ||
assert_equal("public, max-age=31536000, immutable", response.headers["Cache-Control"]) | ||
assert_nil(response.headers["Pragma"]) | ||
end | ||
end | ||
|
||
def test_admin_login | ||
# Check the server-side page. | ||
FactoryGirl.create(:admin) | ||
response = Typhoeus.get("https://127.0.0.1:9081/admin/login", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("text/html; charset=utf-8", response.headers["Content-Type"]) | ||
assert_equal("no-cache, max-age=0, must-revalidate, no-store", response.headers["Cache-Control"]) | ||
assert_equal("no-cache", response.headers["Pragma"]) | ||
|
||
# Parse the HTML page and find the CSS assets. | ||
doc = Nokogiri::HTML(response.body) | ||
stylesheets = doc.xpath("//head//link[starts-with(@href, '/web-assets/')]") | ||
assert_equal(1, stylesheets.length) | ||
|
||
# Ensure that all the linked assets use fingerprinted filenames (for cache | ||
# busting), and return long cache-control headers. | ||
stylesheets.each do |stylesheet| | ||
assert_match(%r{\A/web-assets/admin/[\w-]+-\w{64}\.css\z}, stylesheet[:href]) | ||
|
||
response = Typhoeus.get("https://127.0.0.1:9081#{stylesheet[:href]}", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("text/css", response.headers["Content-Type"]) | ||
assert_equal("public, max-age=31536000, immutable", response.headers["Cache-Control"]) | ||
assert_nil(response.headers["Pragma"]) | ||
end | ||
end | ||
|
||
def test_server_side_loader | ||
response = Typhoeus.get("https://127.0.0.1:9081/admin/server_side_loader.js", keyless_http_options) | ||
assert_response_code(200, response) | ||
assert_equal("application/javascript", response.headers["Content-Type"]) | ||
assert_equal("no-cache, max-age=0, must-revalidate, no-store", response.headers["Cache-Control"]) | ||
assert_equal("no-cache", response.headers["Pragma"]) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters