Cache backend responses

By default, Magnolia sets the Set-Cookie header when the country filter and CSRF are enabled. Because of this, responses from backend servers aren’t able to be cached. However, there are some things you can do to make these backend respones cacheable.

Workaround instructions

  1. Go to your country filter.

    This is typically found at /modules/personalization-traits/traits/country.

  2. Change the traitStorageClass to $RequestScopedTraitStorage. Alternatively, you could completely disable the country filter.

    • What you want

    • What you don’t want

    info.magnolia.personalization.trait.storage.StorageAwareTraitCollector$RequestScopedTraitStorage
    info.magnolia.personalization.trait.storage.StorageAwareTraitCollector$SessionScopedTraitStorage
  3. Next, you’ll need to bypass the CSRF filter with paths/content-types (and whatever else you need) in the filter configuration. This is done with a voter.

    Example voter
    BypassWhenNotAuthenticated:
      class: info.magnolia.voting.voters.AuthenticatedVoter
      not: true
    If the filter is bypassed, CSRF protection for unauthenticated browser sessions are disabled meaning there is no longer protection against CSRF login attacks or any other POST requests like forms.
Feedback

PaaS