Cache backend responses
By default, Magnolia sets the Set-Cookie header when the country
filter and CSRF are enabled. Because of this, responses from backend servers aren’t able to be cached. However, there are some things you can do to make these backend responses cacheable.
Workaround instructions
-
Go to your
country
filter.This is typically found at
/modules/personalization-traits/traits/country
. -
Change the
traitStorageClass
to$RequestScopedTraitStorage
. Alternatively, you could completely disable the country filter. -
Next, you’ll need to bypass the CSRF filter with paths/content-types (and whatever else you need) in the filter configuration. This is done with a voter.
Example voterBypassWhenNotAuthenticated: class: info.magnolia.voting.voters.AuthenticatedVoter not: true
If the filter is bypassed, CSRF protection for unauthenticated browser sessions are disabled meaning there is no longer protection against CSRF login attacks or any other POST
requests like forms.