| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- # frozen_string_literal: true
- require 'action_dispatch/middleware/static'
- class PublicFileServerMiddleware
- SERVICE_WORKER_TTL = 7.days.to_i
- CACHE_TTL = 28.days.to_i
- def initialize(app)
- @app = app
- @file_handler = ActionDispatch::FileHandler.new(Rails.application.paths['public'].first)
- end
- def call(env)
- file = @file_handler.attempt(env)
- # If the request is not a static file, move on!
- return @app.call(env) if file.nil?
- status, headers, response = file
- # Set cache headers on static files. Some paths require different cache headers
- headers['Cache-Control'] = begin
- request_path = env['REQUEST_PATH']
- if request_path.start_with?('/sw.js')
- "public, max-age=#{SERVICE_WORKER_TTL}, must-revalidate"
- elsif request_path.start_with?(paperclip_root_url)
- "public, max-age=#{CACHE_TTL}, immutable"
- else
- "public, max-age=#{CACHE_TTL}, must-revalidate"
- end
- end
- # Override the default CSP header set by the CSP middleware
- headers['Content-Security-Policy'] = "default-src 'none'; form-action 'none'" if request_path.start_with?(paperclip_root_url)
- headers['X-Content-Type-Options'] = 'nosniff'
- [status, headers, response]
- end
- private
- def paperclip_root_url
- ENV.fetch('PAPERCLIP_ROOT_URL', '/system')
- end
- end
|
