Deployment Notes
Peter Woo edited this page Mar 13, 2018
·
2 revisions
Action Center is deployed behind Varnish HTTP cache so that the most frequent requests don't need to hit the back end. The caching behavior for most pages is given in config/response-headers.yml. These are supplemented by the Varnish configuration in varnish.vcl.
Because content served to logged-out users may be cached in its entirety by Varnish (including authenticity tokens), the verify_authenticity_token filter is disabled for several controllers related to these pages. They can be restored if you are deploying without Varnish. Instead, CSRF is mitigated by checking the request's Origin header.