Comments (3)
Why does there need to be another reason? I'm sure the audit team had good reason to add this warning. You may not be fully understanding the implications of this header. See this stackoverflow post for example:
The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction.
A secondary reason though would just be the principle of control - i ought to be the one determining what headers i do and don't include in my server responses not the system.
Lastly - what if a person explicitly does not want to require the browser to get a fresh version after 30 days. Why force this on people?
from aws-s3.
Better late than never!
The must-revalidate
header no longer gets added to uploads, as that is, indeed, not exactly suited for this scenario.
from aws-s3.
Besides Chrome audit complaining, why is that header a problem?
All it's doing is telling the browser "once the 30 days are up, you MUST get a fresh version".
An event for the metadata is a good idea for a general extensibility, but I'm curious whether there's an actual problematic scenario or not that you're having.
from aws-s3.
Related Issues (20)
- Dynamic paths not working HOT 1
- Enormous Loading Times in Craft CMS 4 HOT 3
- Bucket dropdown isn't being populated HOT 2
- Instances of craft\awss3\S3Client cannot be serialized HOT 6
- Transforms update not working HOT 1
- Credentials.php is not able to unserialise the cached tokenKey
- Getting unknown property: craft\awss3\Volume::path
- AWS credentials cache duration is not being calculated correctly HOT 3
- Ability to use server side encryption HOT 2
- Credential-less auth should be explicit opt-in
- Draging a directory to another directory + 50mgb causes the server to go down
- TLS 1.0 or 1.1 connection - Need to upgrade to TLS 1.2 HOT 1
- Update your S3 object access to maintain connectivity HOT 2
- Error executing "GetSessionToken" on "https://sts.amazonaws.com"; AWS HTTP error: cURL error 6: Could not resolve host: sts.amazonaws.com HOT 1
- Getting "Unable to check if {filename} exists" when trying to upload to newly added volume HOT 1
- not a bug, but could not find the answer reading the source code HOT 1
- No support for S3-compatible object storage (e.g: Wasabi)? Getting STS related error when trying HOT 3
- [v3.x] Leveraging the new Subpath option within a volume in Craft 5 causes Rekognition to return a 400 error HOT 3
- Block public access
- Volumes can be created with invalid cache control settings
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-s3.