0

I am using Google App Engine Standard Environment for a node.js app.

I have a folder named public for my static files. This contains files such as chunk-XIAWB55V.js. I want these files to be heavily cached as the hashed filename will change if the contents change.

I added a static file handler to my `app.yaml` to redirect requests starting with `/static` to my `public` folder, and I confirmed it worked by checking the logs: requests to e.g. https://<redacted>.com/static/javascript/build/prod/chunk-Z4M5HAC7.js are in the request log and are not hitting my app. The docs imply that a default cache of 10 minutes should be applied. However, the browser devtools show that the actual headers are `cache-control: no-cache, must-revalidate` and a request (which gets a 304) is sent every time.

I have tried adding an `expiration` param to my `app.yaml` but it did not make a difference. I also tried setting the headers in `app.yaml` but it did not make a difference. My current file looks like:

```yaml
handlers:
  - url: /static
    static_dir: public
    secure: always
    expiration: "1d"
    http_headers:
      Cache-Control: public
      Vary: Accept-Encoding

  - url: /.*
    secure: always
    script: auto
```

I am still getting responses like:

[screenshot of the response headers]

I am using Identity Aware Proxy in front of App Engine and I know from e.g. this question that IAP and caching can mix badly but that seems to refer simply to possible IAP bypass. My static files are not sensitive and I am happy to accept that risk.

anotherfred
  • Are you logged in as an **administrator** by any chance? Some [HTTP headers](https://cloud.google.com/appengine/docs/standard/go/reference/request-response-headers#headers_added) (such as `Cache-Control`) are replaced or added when the user is signed in with an admin account. – Javier M Nov 04 '21 at 13:00
  • Thank you for suggesting it but I've tried an incognito window and it didn't affect it. – anotherfred Nov 04 '21 at 17:43
  • Are you 100% sure the user you're using to perform the request doesn't have admin privileges? For instance, [Viewer, Editor and Owner roles](https://cloud.google.com/appengine/docs/standard/python/roles#basic_roles) **have admin privileges in App Engine**, so if you log in using a viewer account (for example) you'll still be an admin, hence, cache will be disabled. Also, are you [setting cookies](https://cloud.google.com/appengine/docs/standard/java/reference/request-response-headers#:~:text=also%20sets%20a-,set-cookie,-header%2C%20or%20the) by any chance somewhere in your code? – Javier M Nov 10 '21 at 10:39
  • I'm sure about the privileges because I am using Google Identity Platform with the 'Email and password' provider, not Google accounts, and I have tested in a private window. Regarding cookies, the app does set cookies in several places, but I wouldn't expect that to affect the static file handler as that doesn't hit the app? – anotherfred Nov 10 '21 at 13:13
  • It might depend on what exactly your app is doing with cookies, but according to the [documentation](https://cloud.google.com/appengine/docs/standard/java/reference/request-response-headers#headers_added): Setting `Set-cookie` header will modify `Cache-Control` and `Expires`. Try to play with it and let us know the outcome. – Javier M Nov 11 '21 at 15:58
  • Thank you, but the documentation says that the cache should still be `private` which is browser cacheable. Also this response doesn't set any cookies, as can be seen in the screenshot. – anotherfred Nov 11 '21 at 18:32
  • Hi, GCP support here. We'd like to take a look at your setup. [Can you raise a private thread in the issue tracker (referencing this question, as stated in the template) with the project ID and some example URLs that are failing?](https://issuetracker.google.com/issues/new?component=491299) After you've created the thread, please share here the issue ID so we can follow up. Note that issues in that component will only be accessible for you and GCP support. – Jofre Nov 12 '21 at 15:18
  • @Jofre Thank you. Issue ID is 206099946 – anotherfred Nov 13 '21 at 21:46

2 Answers

1

GCP support have suggested this is an edge case due to the use of IAP. A workaround I have implemented which I can recommend for anyone else in this situation is to remove the static route and serve the files from your app instead. While this increases load on the app, the high max age means they will not be requested often.

anotherfred
0

There's some documentation of this at "This page describes best practices for using Identity-Aware Proxy (IAP)": https://cloud.google.com/iap/docs/concepts-best-practices -- TL;DR, App Engine does some caching for static_files that interacts poorly with IAP. That page has some instructions you can apply if you want to protect your static_files.

Alva Santi
  • Thank you, but that page is linked from the question I referred to, and doesn't seem to contain anything relevant - just some general points about CDNs – anotherfred Nov 19 '21 at 10:07