The Curious Case of Caching CSRF Tokens
The text discusses the challenges faced by an e-commerce site using Magento platform when trying to optimize its performance with Cloudflare while maintaining security. Despite initial improvements through HTTP/2 protocol, server push, lazy loading and dynamic image format conversion, the site's speed remained slow due to a long Time To First Byte (TTFB). The issue was traced back to Magento's page render time, which was optimized by enabling cookie-based caching for anonymous users. However, this led to an unexpected problem where the Add to Cart functionality failed on the first request. This issue was resolved by using a plugin that dynamically injected CSRF tokens into web pages just before the Add to Cart button was clicked. The author also mentions how Magento's security patches from 2015 caused this issue and how it became noticeable during the Black Friday season when many e-commerce sites started optimizing their performance with Cloudflare.
Company
Cloudflare
Date published
Dec. 13, 2017
Author(s)
Junade Ali
Word count
3202
Language
English
Hacker News points
None found.