fix(shared): Add Netlify-Vary header to prevent CDN caching of auth responses #8028
wobsoriano wants to merge 4 commits into main from
Conversation
…esponses Consolidate Netlify cache handling into a single `handleNetlifyCacheHeaders` function that sets `Netlify-Vary: cookie=__client_uat,cookie=__session` on all auth responses when running on Netlify. This prevents the CDN from serving stale session state across different users/sessions. The function is called once per request in each framework SDK middleware, right after `authenticateRequest` returns, replacing the previous dev-only cache-bust approach with proper CDN cache isolation for both dev and prod.
🦋 Changeset detected. Latest commit: 3453259. The changes in this PR will be included in the next version bump. This PR includes changesets to release 21 packages.
!snapshot
Hey @wobsoriano - the snapshot version command generated the following package versions:
npm i @clerk/agent-toolkit@0.3.4-snapshot.v20260310165744 --save-exact
npm i @clerk/astro@3.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/backend@3.2.0-snapshot.v20260310165744 --save-exact
npm i @clerk/chrome-extension@3.1.2-snapshot.v20260310165744 --save-exact
npm i @clerk/clerk-js@6.2.1-snapshot.v20260310165744 --save-exact
npm i @clerk/dev-cli@0.1.1-snapshot.v20260310165744 --save-exact
npm i @clerk/expo@3.1.2-snapshot.v20260310165744 --save-exact
npm i @clerk/expo-passkeys@1.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/express@2.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/fastify@3.1.2-snapshot.v20260310165744 --save-exact
npm i @clerk/hono@0.1.2-snapshot.v20260310165744 --save-exact
npm i @clerk/localizations@4.2.1-snapshot.v20260310165744 --save-exact
npm i @clerk/msw@0.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/nextjs@7.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/nuxt@2.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/react@6.1.0-snapshot.v20260310165744 --save-exact
npm i @clerk/react-router@3.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/shared@4.2.1-snapshot.v20260310165744 --save-exact
npm i @clerk/tanstack-react-start@1.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/testing@2.0.4-snapshot.v20260310165744 --save-exact
npm i @clerk/ui@1.2.1-snapshot.v20260310165744 --save-exact
npm i @clerk/upgrade@2.0.2-snapshot.v20260310165744 --save-exact
npm i @clerk/vue@2.0.4-snapshot.v20260310165744 --save-exact
Clerk uses suffixed cookies (e.g. __client_uat_AbC12345) by default for newer instances. The Netlify-Vary header now includes both unsuffixed and suffixed cookie names computed from the publishable key, ensuring CDN cache isolation works for all Clerk instances.
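Why the vary list matters, as an added example (not code from this PR, Clerk or Netlify): a toy shared cache in which two users request the same URL with no `Netlify-Vary`, with only the unsuffixed cookie names, and with the suffixed names included. `ToyCdn`, the `/dashboard` path, the cookie values and the `__session_AbC12345` name (built from the suffix in the example above) are constructed for illustration.

```javascript
// Toy model only. Netlify-Vary instructions are comma-separated; "cookie=a|b" is also valid.
function parseVaryCookies(netlifyVary) {
  if (!netlifyVary) return [];
  return netlifyVary.split(',').flatMap((part) => {
    const [kind, names = ''] = part.trim().split('=');
    return kind.toLowerCase() === 'cookie' ? names.split('|').filter(Boolean) : [];
  });
}
function parseCookies(header = '') {
  const jar = new Map();
  for (const pair of header.split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) jar.set(pair.slice(0, i).trim(), pair.slice(i + 1).trim());
  }
  return jar;
}
// Cache key = URL plus the value of every cookie the origin asked to vary on.
function cacheKey(url, cookieHeader, varyNames) {
  const jar = parseCookies(cookieHeader);
  return [url, ...[...varyNames].sort().map((n) => `${n}=${jar.get(n) ?? ''}`)].join('\n');
}
class ToyCdn {
  constructor(origin) { this.origin = origin; this.store = new Map(); this.vary = new Map(); }
  fetch(url, cookieHeader) {
    const key = cacheKey(url, cookieHeader, this.vary.get(url) ?? []);
    if (this.store.has(key)) return { body: this.store.get(key), hit: true };
    const res = this.origin(url, cookieHeader);
    const names = parseVaryCookies(res.headers['netlify-vary']);
    this.vary.set(url, names); // remember which cookies this URL varies on
    this.store.set(cacheKey(url, cookieHeader, names), res.body);
    return { body: res.body, hit: false };
  }
}
// Constructed origin: the body depends on the suffixed session cookie.
const origin = (varyHeader) => (url, cookieHeader) => ({
  body: `state:${parseCookies(cookieHeader).get('__session_AbC12345') ?? 'signed-out'}`,
  headers: varyHeader ? { 'netlify-vary': varyHeader } : {},
});
// Header values: the unsuffixed pair from the PR text, then with suffixed names added.
const UNSUFFIXED = 'cookie=__client_uat,cookie=__session';
const FULL = `${UNSUFFIXED},cookie=__client_uat_AbC12345,cookie=__session_AbC12345`;
// Two users request the same URL; returns what the second user is served.
function secondUserSees(varyHeader) {
  const cdn = new ToyCdn(origin(varyHeader));
  cdn.fetch('/dashboard', '__session_AbC12345=alice; __client_uat_AbC12345=1700000000');
  return cdn.fetch('/dashboard', '__session_AbC12345=bob; __client_uat_AbC12345=1700000500');
}
```

With no header, or with `UNSUFFIXED` on an instance that sets suffixed cookies, the second user is served the first user's cached body; with `FULL` the request misses the cache and reaches the origin.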
!snapshot
Consolidate Netlify cache handling into a single `handleNetlifyCacheHeaders` function that sets `Netlify-Vary: cookie=__client_uat,cookie=__session` on all auth responses when running on Netlify. This prevents the CDN from serving stale session state across different users/sessions.
The function is called once per request in each framework SDK middleware, right after `authenticateRequest` returns, replacing the previous dev-only cache-bust approach with proper CDN cache isolation for both dev and prod.
Description
Checklist
`pnpm test` runs as expected.
`pnpm build` runs as expected.
Type of change