I'm creating a database/storage using Firebase as the backend for my website.
I have the option of having file metadata like size, cache control etc.
where do I get this information from? and
why is it important?
A majority of the information is already populated for you (size, content-type, etc.), so you don't have to get it anywhere else.
Additional information (such as content-disposition or cache-control) end up setting the relevant headers when the file is downloaded, which can change the behavior (such as what the name of the downloaded file is, or how long the browser caches the file).
Basically, in the normal case you won't have to do anything special, but if you want custom behavior, you have these features when you need them.
Related
I'm generating dynamic CSS URLs for cache-busting. I.e. they're in the format styles-thisisthecontenthash123.css.
I also want to use HTTP Link headers to load the files slightly faster. I.e. have the header Link: <styles-thisisthecontenthash123.css>; rel=stylesheet
I'm pretty sure it's possible to do this in Fastly using VCL, but I'm not familiar enough with the ecosystem to figure it out. The CSS URL is in index.html, which is cached. I'm thinking I can open index.html and maybe use regex to parse out the CSS URL. How would I do this?
If I'm understanding your question correctly, you want to include a link header for all requests for index.html. You can do that with Fastly, but if the URL for the CSS file is changing you're not going to be able to pull that info out with VCL (you can't inspect the response body).
You could use edge dictionaries and whenever your CSS filename changes, update the reference via the API.
Thing is, if you're going to make an API call whenever the file changes, might as well just keep the filename consistent (styles.css) and whenever you publish a new version send a cache invalidation (purge). Fastly will clear the cache in ~150ms, so you then all you have to do is add the header which is can be done in the Fastly web portal with a condition.
We have an ASP MVC 5 applications. We use bundles with optimization enabled by default. But we have heard several times from users, that they get errors, that we think are caused by old versions of user scripts. Their browsers somehow take scripts from cache, despite the fact, that we have edited that script files and bundles should be updated. The worst part of the problem is that we can't imitate or recreate this problem. We don't know how. We already have tried to make test-changes to scripts like adding some "console.log('test')" lines in order to see, if the browser takes the cached version, but everything was ok, the hash in the end of <script src="....?v='hash'"> changed and the browser took the newest version from first time. I should mention, that our site is a single page application. Don't know, maybe its somehow related with the problem.
Have you faced this kind of problem?
There's not enough information here to give a definitive answer. The bundler detects changes in files and will regenerate the bundle along with the link to that bundle, which will include an updated query string param. Since the query string is part of the URI, it's considered a totally different resource at this point, and the browser should fetch it again, because there is technically no cache available. The only logical reason this would not occur is if the HTML with the link to the bundle is not being updated. This can happen if you're using OutputCache or otherwise caching the HTML document. It can also happen if the client's browser is aggressively caching the HTML document. Unfortunately, there's not much you can do about that, as the client browser ultimately has control over what is or is not cached and for how long.
That said, given that this is a single page app, it's very possible that it's also including a cache manifest. This manifest will very often include the HTML file itself, and the browser will not refetch any file in the manifest unless the manifest itself is updated.
For a long time I've been updating ASP.NET pages on the server and never find the correct way to make changes visible on files like CSS and images.
I know if a append something in the URL the browser will think the file is another one:
<img src="/images/myLogo.png?v=1"/>
or perhaps changing its name:
<img src="/images/myLogo.v1.png"/>
Unfortunately it does not look the correct way. In a case were I'm using App_Themes the files in this folder are automatically injected in the page in a way I can't easily change the URL.
So my question is:
When I'm publishing de ASP.NET Application on the server what is the correct way to signal to IIS (and it notify browser after that) that a file was changed? It is not automatic? Should I change some configuration in IIS or perhaps make some "decoration" in the code?
I've already tried many questions here in SO like "ASP.NET - Invalidate browser cache", "How to refresh the browser cache of an image?", "Handle cached images? How to get the browser to show the new version?", and even "What is an elegant way to force browsers to reload cached CSS/JS files?" but none of them actually take another aproach else in a way you must handle it manually in the code instead of IIS or ASP.NET configuration.
The closer I could find is "Asking browsers to cache our images (ASP.NET/IIS)" where they set expiration but not based on the fact the files were update. Instead they used days or hour to cache those file so they would updated even when no changes were made.
I'm want to know if IIS or ASP.NET offers something related to this, automatically send to the browser that the files was changed. Is it possible/built in?
The options you have to update the browser side, cached item are:
Change the file name
Add url parameter
Place it on cache for a limited time (eg for couple of hours)
Compare the date-time of creation.
Signaling with eTag.
With the three two you avoiding one server call for each item, but the third option load it again after some time.
With the others you have to make one call to the server to see if needs to be load it again.
So you can not have all here, there is not correct way, and you need to chose what is the best for you, and what you can do. The faster from client perspective is the (1) and (2) options.
The direct answer to your question is to use eTag, or date-time compare of the file creation, but you loose that way, a call to the server, you only win the size of what is travel back.
Some more links:
http eTag
How do I support ETags in ASP.NET MVC?
Configuring ETags with Http module in asp.net
How to control web page caching, across all browsers?
Jquery getScript caching
and you can find even more.
I would like to have a whitelist of filetypes that users are authorized to upload to my IIS server (im using IIS v7.5).
What is the options that i have? For example, to restrict filesize to 5MB for a specific action in my controller, i added this section to my webconfig:
<location path="home/fileupload">
<system.web>
<!-- maxRequestLength is in kilobytes (KB) -->
<httpRuntime maxRequestLength="5120" /> <!-- 5MB -->
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!-- maxAllowedContentLength is in bytes -->
<requestLimits maxAllowedContentLength="5242880"/> <!-- 5MB -->
</requestFiltering>
</security>
</system.webServer>
</location>
Is there an option in the webconfig to set a whitelist of allowed filetypes? Or is the only option is to validate the filetypes in code when the file is fully uploaded? What is the recommended technics? How can i be sure that the .docx, .pdf, .jpg, etc are really what they are?
Since you are wanting server side you could use the files mime type.
THIS post shows how to determine the MIME type based on the files contents (instead of by the extension).
If you do want to limit the input to SPECIFIC file extension you could simply check the input name against what you want to accept. If this passes you could do an xref against the library in the post I linked to make sure the user didn't just change the file extension on you.
Doing this would provide a pretty good degree of certainty that the file is one that you want to accept!
EDIT: Based on comments so far....
Based on what you have said you are looking for this method should work quite nicely for you. My suggestion if you are simply wanting to limit it to the types of files listed in one of you comments... Do a simple check on the file extension. If that is valid then pass the file to the urlmon.dll listed in the link. Make sure it doesn't come back as an invalid type....aka Executable/java/zip/etc. If it isn't an invalid type then you will have a very high degree of certainty that it is a safe file!
Lastly, reading through the comments on that post it looks like the urlmon.dll might support all the file types you are wanting implicitly which would remove the need to check that it isn't an executable or something of that nature, but you would need to confirm the doc/docx/xsl/xslx do return a valid mime type.
No, there is no web.config setting to restrict what gets uploaded.
The only possible way to validate uploaded data is to actually validate that data in code.
Even if there were a setting, it would be useless anyway because it would be based on the Content-Type headers received from the client, which can be quite wrong.
In code, you can certainly look at the Content-Type header, but if you're trying to validate that the uploaded data is of a specific type, you're going to have to do so manually, based on what kind of data you are expecting. For an image, this is easy. For other file types, it can be a lot harder.
Data Anotations is what you are looking for, here is a search that may help you, google data anotaions
Update
I think it validates off of file extensions. If you don't wan't to rely on file extensions, I think your best bet is to validate off of MIME types. This is more complex and varies from browser to browser, and can be faked (although this is more complex than faking an extension.)
A simple yet not free option is to use Telerik RadAsyncUpload.
You could write this code yourself (although I've never messed with it) this may get you started. (this post deals with the fact that you can't reliably detect mime types without IIS, but it should get you on your way.)
Hopefully this will get you going. As you know, you can restrict files by their size, validate by their extensions, and if you add validation by MIME types I think you have done all you can. I think this is all you can do to be safe and not to exclude valid files; although I have heard of hashing the file, and some other options; but these will most defiantly exclude legit files.
Also, as I mentioned, MIME types can be fakes and sent to your server, to be extra safe you should validate on both client side and server side.
In IIS7 I am trying to set a really far future expires header for all content that have the file name that has a specific word in it. For example I would like to set this header on any file being requested from IIS7 that is
*cached*.js
I know that it is possible to set far future expires headers, But I want to know if it is possible to set it on specific files like in the example above.
I want to use this method on a .NET application I am trying to serve up, but I want to make it more efficient so that certain files will be cached for a very long time, because it virtually never changes. At the same time I don't want to be restricted to doing it for all files in a certain folder or all files of certain type.
I am open to doing this through modifying my Asp.Net application to achieve this, or through IIS7 settings.
So guys, what do you think, is There a way to do this?
An HttpModule will let you do this. That would let you look at the incoming URL then add the correct response headers.
Edit: Added Example
You can use this URL to create a basic HttpModule. Then in the Application_BeginRequest event, I think this code will be close to what you want:
if (context.Request.FilePath.ToLower().IndexOf("cached") != -1)
context.Response.Cache.SetExpires(DateTime.Now.AddYears(1));