made sure the form token (a CSRF token) was only set for authenticated users, and ensured it specified
- refined this to make sure that GET forms don't get a form token by default, i.e. only POST forms get this.
#lazy_buildercallback, which means the rendered form can actually be cached, because the form token is rendered later, and therefore the rendered form is not always by definition bound to the current user/session, which is what made it uncacheable. But it keeps the
max-age=0that point 1 introduced, because removing that merits further discussion.
then moves the rendering of the form token into a
- This issue is about removing the
max-age=0that point 1 introduced, and having that further discussion.
also points out how caused a very big performance regression. #2571909 made the comment form no longer personalized per user, so we thought we made the form cacheable. But we forgot about the form token setting
max-age=0, which then makes the
full node display uncacheable!
User interface changes
Data model changes