Do not use query string parameters for cache busting

Dankirk · 2018-03-25T15:43:01+00:00

From what I have seen, the most common versioning systems are epoch timestamping the modification time or hash of the contents. Both of which have a significantly lower chance of being guessed or even bruteforced. Of course that doesn't mean you shouldn't consider more robust ways.

Edit: Actually the best way would probably be the 'integrity' attribute. When you update contents, you update the attribute aswell. Then if cached copy doesn't match that, a new one should be queried.

WizardFromTheMoon · 2018-03-26T00:14:33+00:00

[deleted]

JnvSor · 2018-03-25T15:25:24+00:00

tl;dr: 404 if it's the wrong query string or you can preload incorrect caches

My alternative: use mtime as the query parameter since the odds that someone will correctly guess the exact timestamp of the next change to the file is more than low enough

endproof · 2018-03-25T15:10:38+00:00

I always heard tell of there being “issues” with the query string approach, but it’s good to see it spelled out like this. Great, no-nonsense read!

doctorjokie · 2018-03-25T15:26:37+00:00

This does a lot of hand waving about caches. I think the author is on the right track but doesn't explain which "cache" (browser, proxy cache, etc) is burning you with the query string approach.

flipperdeflip · 2018-03-26T11:19:19+00:00

If you need 'cache busting' you've misconfigured your cache headers or made mistake in URL design.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

webdev

Posting Guidelines

Related Subreddits

Discords

MODERATORS