How to properly serve static assets with Hapijs

Question

I'm trying to get Fastly pointed at my heroku instance that is running hapijs and serving static files from /assets/. I have a route setup that looks like this:

  // Assets
  {
    method: "GET",
    path: "/assets/{path*}",
    config: {
      cache: {
        privacy: 'public',
        expiresIn: 31536000000 // 1 year in milliseconds
      }
    },
    handler: {
      directory: { path: './public/assets'}
    }
  },

Here are the headers sent back on each request:

HTTP/1.1 200 OK
content-type: text/css; charset=utf-8
last-modified: Thu, 22 Jan 2015 07:08:07 GMT
etag: "9c7d48799e5230b7c97ef1978b81ad533c10b950"
set-cookie: csrf=xyz; Path=/
set-cookie: session=xyz; Path=/
cache-control: max-age=31536000, must-revalidate, private
Date: Thu, 22 Jan 2015 07:21:15 GMT
Connection: keep-alive

How do I not set cookies on the responses from this enpoint and why does the cache-control header set must-revalidate and private. Shouldn'it just be public?

Answer 1

I finally solved this issue. I had a few plugins that were setting cookies: yar, hapi-auth-cookie, and crumb. Unfortunately there is not yet any standard way of removing plugins from a particular route.

• crumb allows you to add a skip function to the registration options that will disable it.

• auth let's you disable it at the route config by setting auth: false.

• yar doesn't yet have any mechanism for doing this so I submitted a PR to fix it

Answer 2

You can also remove cookies via Fastly, before the response is considered to be stored in the cache. For this you need to do the following configuration steps:

1. Content -> Headers:

   Name Remove Set-Cookie from /assets

   Type: Cache

   Action: Delete

   Destination: http.Set-Cookie

2. On that newly generated Header Configuration: Settings -> Cache Conditions ->
   New

   Name: /assets

   Apply If: req.url ~ "^/assets/"

That will remove the Set-Cookie header before it's "seen" by Fastly and will thus make it cachable.