Fix HTTP Caching of Public Goods responses (remove Vary: Origin) #7
Comments
@ns4plabs I am not sure how easy it will be to fix in someguy without having to modify the github.com/rs/cors library (imo it should not send I it helps, I think for this specific project (someguy) hardcoding liberal CORS on all GET|HEAD|POST|OPTIONS responses is fine. Are you able to add this to your queue and ping me or @hacdias for review?

Somehow related improvements landed in https:/ipshipyard/waterworks-infra/issues/215
Right now, service at `delegated-ipfs.dev/routing/v1` sends CORS header only when `Origin` header is present in the request, and when `Origin` is present, the response has `Vary: Origin`:

Problem

If the `Vary` header in response is set to value `Origin`, it indicates that the response may vary depending on the value of the Origin header in the request.

It means the response is reusable (cacheable) only as long as the value in the `Origin` header matches, so responses for requests made from different websites (origins) won't benefit from caching.

IIUC this makes little sense with `access-control-allow-origin: *` because we want liberal access to public goods, and we don't have site-specific responses, so we want cache to be shared across websites that use public goods to maximize cache HIT rate:

👉 We want CID lookup done by JS running on `https://one.example.com` to be returned from cache when `https://two.example.net` asks for it.

Solution
Trustless public good services must have a global cache that is shared across websites (no matter what is in `Origin`), which means we don't want `Vary: Origin` at

- `delegated-ipfs.dev` (needs fixing)
- `trustless-gateway.link` (already ok, but mentioning here as it should share the config/setup/tests)

TODO

- `Vary: Origin` from `delegated-ipfs.dev` responses
- `Vary: Accept-Encoding` which is used by compression

`delegated-ipfs.dev` regression was introduced when we added github.com/rs/cors to someguy (add http handlers for cors, metrics and compression ipfs/someguy#30). An easy fix may be to remove that library and instead hardcode liberal CORS headers on all response types.
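
The hardcoded-CORS approach proposed in this issue, as an added Go example (not someguy's or rs/cors code): the middleware emits the same CORS headers whether or not the request carries `Origin`, and a probe checks that `Vary: Accept-Encoding` survives while `Vary: Origin` never appears. The names `liberalCORS`, `probe` and `variesOn`, the request path and the stand-in handler are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// liberalCORS (hypothetical name) sends identical CORS headers with or without
// a request Origin, so the response never depends on Origin and needs no Vary.
func liberalCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*") // public, credential-less data only
		w.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, POST, OPTIONS")
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent) // preflight needs no body
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request ("" means no Origin header) and returns the response headers.
func probe(method, origin string) http.Header {
	req := httptest.NewRequest(method, "/routing/v1/providers/bafyexample", nil) // constructed path
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	next := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Add("Vary", "Accept-Encoding") // constructed stand-in for the compression layer
	})
	rec := httptest.NewRecorder()
	liberalCORS(next).ServeHTTP(rec, req)
	return rec.Result().Header
}

// variesOn reports whether any Vary header lists the named request header.
func variesOn(h http.Header, name string) bool {
	vary := "," + strings.ToLower(strings.ReplaceAll(strings.Join(h.Values("Vary"), ","), " ", "")) + ","
	return strings.Contains(vary, ","+strings.ToLower(name)+",")
}

func main() {
	for _, o := range []string{"", "https://one.example.com", "https://two.example.net"} {
		h := probe(http.MethodGet, o)
		fmt.Printf("Origin=%q varies-on-Origin=%v Vary=%q\n", o, variesOn(h, "Origin"), h.Values("Vary"))
	}
}
```

The `variesOn(h, "Origin")` check can be reused as a regression test against whatever handler chain is actually deployed.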