Full page caching (FastCGI) + CSRF token (Server side loading SSI, ESI, Ajax) + Nginx


First: I have been reading a lot of SO posts and did not find a satisfying answer. I hope I did not miss it.

Situation:

  • I'm running a Laravel application (PHP 7.3)
  • I implemented a full page cache using FastCGI (php-fpm) and Nginx
  • It works great, BUT dynamic things like the csrf token are not refreshed
  • My Goal: get a full cached page, but with the right CSRF token for user session

What I've tried:

  • I dug into Nginx SSI, but could only make it work with .html files. Here I wanted to include a simple .php file (that includes the Laravel core) to retrieve the output of csrf_token().
    • I tried with file and virtual includes, with a .php file and API routes. It never worked in my Blade templates. (Strange, as I understood it's based on the response Content-Type, like text/html.) Even a basic <!--#echo var="DATE_LOCAL" --> does not work and is stripped out by Nginx (not in the response).
    • The same tests in an .html file worked. I could include my .php file that has my token.
  • I looked into ESI (Edge Side Loading), but it seems that there is no support for Nginx yet... too bad.
    • It seems possible to use Varnish as a proxy to get ESI working. But it's a lot of changes to our infrastructure.

What I have left:

  • In the end, the only solution I can think of is to make an Ajax API request onLoad to get the token. On every page load. It does not seem like a really good approach, but I'm out of options (am I?).
  • Maybe I can trick Nginx to think my root index.php is HTML and so get SSI to work? (inspiration)
  • SSI/ESI seems exactly what I need. But it also seems to be "an old" technology. Still, I couldn't find real alternatives.

Questions:

  • Is SSI only possible with HTML files?
  • Is installing everything for ESI worth it?
  • Is Ajax the only solution I have?
  • Is there something else I could have missed?

Thanks a lot. I know there are similar questions, but I could not find a definitive answer to this situation.

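Added example, not from the question and not Laravel's or Nginx's own configuration: an Nginx server block that puts the full-page cache and SSI together the way the question describes, with the CSRF token coming from a separate, never-cached subrequest. Everything concrete in it is an assumption: the document root `/var/www/app/public`, the php-fpm socket `unix:/run/php/php7.3-fpm.sock`, the hostname `example.test`, a hypothetical Laravel route `/csrf-fragment` that prints only `csrf_token()`, and a Blade layout that emits `<!--#include virtual="/csrf-fragment" -->` where the token belongs.

```nginx
# Added example (not from the question). Full-page fastcgi_cache for a
# Laravel front controller, with SSI splicing in a per-request CSRF token.
# Assumed paths, socket, hostname and the /csrf-fragment route are all
# placeholders for this example.

fastcgi_cache_path /var/cache/nginx/app levels=1:2 keys_zone=APP:10m
                   max_size=512m inactive=60m;
# Cookies are deliberately NOT part of the key: the cached body must be
# identical for every visitor, and the token is added per request below.
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    listen 80;
    server_name example.test;            # assumed
    root /var/www/app/public;            # assumed Laravel public dir
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Uncached fragment, only reached through the SSI subrequest.
    # It inherits the visitor's request headers (incl. Cookie), so PHP can
    # load that visitor's session and print that visitor's token.
    location = /csrf-fragment {
        internal;                         # not reachable directly from a browser
        include fastcgi_params;
        # In a subrequest $request_uri still holds the parent page's URI;
        # Laravel routes on REQUEST_URI, so pass the fragment's own $uri.
        fastcgi_param REQUEST_URI $uri;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;   # assumed socket
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;   # assumed socket

        fastcgi_cache APP;
        fastcgi_cache_valid 200 10m;
        # Laravel sends Cache-Control/Set-Cookie; ignore them so the page is
        # stored, and hide Set-Cookie so one visitor's session cookie is
        # never replayed to the others from the cache.
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_hide_header Set-Cookie;
        add_header X-Cache $upstream_cache_status;

        # The SSI filter runs on the response body after the cache lookup,
        # so the <!--#include virtual="/csrf-fragment" --> stored in the
        # cached HTML is resolved again on every delivery.
        ssi on;
        ssi_types text/html;   # the default; spelled out because SSI is
                               # keyed on the response's MIME type, not the
                               # file extension
    }
}
```

Two things to check when trying this: `ssi on` has to sit in the location that actually serves the PHP response (a directive in a static-file location does nothing for `/index.php`), and `X-Cache: HIT` together with a token that still changes per session confirms the fragment is being fetched live. The caveat is the first visit: when the page is a cache hit, `Set-Cookie` from the fragment subrequest never reaches the browser (subrequest headers are not merged into the main response), so a visitor with no session cookie yet gets a token for a session the browser does not hold; the session has to be established by some uncached response first.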