From a1712ae178c8249ec2aa1890f69dbde92a504a5f Mon Sep 17 00:00:00 2001 From: StyxX65 <150797939+StyxX65@users.noreply.github.com> Date: Thu, 11 Jun 2026 14:39:45 +0200 Subject: [PATCH] Make static files revalidate so the UI is fresh after updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No Cache-Control header meant browsers cached JS/CSS heuristically for days; after a server update (including the in-app self-update reload) the backend was new but the frontend stayed stale. SEND_FILE_MAX_AGE _DEFAULT=0 forces ETag revalidation — 304 when unchanged, fresh file immediately after an update. Co-Authored-By: Claude Fable 5 --- CHANGELOG.md | 4 ++++ gdpr_scanner.py | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 093f0cc..c61ce12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ Version numbers follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html ## [Unreleased] +### Fixed + +- **Stale UI after updating the server** — Flask served `/static/` files with no `Cache-Control` header, so browsers cached JS/CSS heuristically (often for days). After a server update — including the new in-app self-update, whose post-install reload hit the cache — the backend was new but the frontend stayed old, and fixes appeared "not to work" until a hard refresh. `SEND_FILE_MAX_AGE_DEFAULT = 0` now makes every static file revalidate via ETag: unchanged files answer with a cheap 304, changed files are re-fetched immediately on the next normal page load. + --- ## [1.7.4] — 2026-06-10 diff --git a/gdpr_scanner.py b/gdpr_scanner.py index 686cb9f..948d7fc 100644 --- a/gdpr_scanner.py +++ b/gdpr_scanner.py @@ -317,6 +317,11 @@ app = Flask(__name__, template_folder=_os.path.join(_BASE_DIR, "templates"), static_folder=_os.path.join(_BASE_DIR, "static")) +# Static files must revalidate on every load (cheap 304s via ETag). Without +# this there is no Cache-Control header and browsers cache JS/CSS heuristically +# for days — after a self-update the backend is new but the UI stays stale. +app.config["SEND_FILE_MAX_AGE_DEFAULT"] = 0 + # Session secret — derived from machine_id so it survives restarts without a separate file. # machine_id is also the Fernet key (base64-encoded 32 bytes); we use its raw bytes as the secret. try: