Magnolia / MAGNOLIA-7896

Generation of CSRF token is too expensive

    • Type: Bug
    • Resolution: Fixed
    • Priority: Neutral
    • 5.7.9, 6.1.7, 6.2.4
    • 6.1.6, 6.2.3
    • None
    • demopublic
    • Maintenance 28
    • 3

      When disabling the country filter, response time gets noticeably slower. This can be reproduced in our demo but not in a local installation with the bundle. 

      Steps to reproduce:

      • Execute the following command in order to measure the response time:
        curl -so /dev/null -w '%{time_starttransfer} Seconds \n' https://demopublic.magnolia-cms.com
      • Add the configuration property /server/filters/country@enabled with value false in order to disable the filter, and execute the same command as in step 1.

      Expected result: response time is similar or even lower as filter execution is avoided.
      Actual result: response time is noticeably higher:

      $ curl -so /dev/null -w '%{time_starttransfer} Seconds \n' https://demopublic.magnolia-cms.com/travel 
      0.998357 Seconds 
      
      COUNTRY FILTER IS DISABLED
      
      $ curl -so /dev/null -w '%{time_starttransfer} Seconds \n' https://demopublic.magnolia-cms.com/travel 
      2.363181 Seconds 
      
      
      

      Timebox for investigation: 3 SP

      • Verify findings, can they be used as a solution?
      • Consider potential implications (login page CSRF)

        Acceptance criteria


              apchelintcev Aleksandr Pchelintcev
              jayala Jonathan Ayala
                  Logged:
                  Time Spent - 6h 11m