On Wed, May 25, 2016 at 11:02 AM, Pinakee BIswas <[email protected]> wrote: > Hi, > > Our backend uses CSRF tokens for form posts. For pages with forms, if > Varnish caching is enabled for such pages, form post is failing due to CSRF > error. Is there a way to handle this? I have been reading that using ESI is > a solution. > > Would really appreciate if someone could help with the above.
IIUC a client may GET a page that contains tokens for a later POST, and such pages should not be cached by Varnish. The solution would then be to have your backend add Cache-Control:private when responses target specific clients. Dridi _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
