- Issue created by @dewalt
StageFileProxySubscriber has the next priority:
// Priority 240 is after ban middleware but before page cache.
$events[KernelEvents::REQUEST][] = ['checkFileOrigin', 240];
Comment says about priority of a middleware, but it is an Event Subscriber, which priorities and way of works aren't intersect. So the open questions:
Should this functionality be implemented as a middleware, and not as an EventSubscriber?
If true, what the priority should it have?
- 400: NegotiationMiddleware
- 300: ReverseProxyMiddleware
- 250: Cors (should be executed)
- 250: BanMiddleware
- 200: PageCache
- 100: KernelPreHandle
- 50: Session
I agree that Stage File Proxy processing should go after Ban, but I don't think that Page Cache should be ignored - hotlink could be cached with cache tags invalidating on the module config changes.
If KernelPreHandle and Session middleware have no conflicts - the implementation could be kept in Event Subscriber, but the priority question is still open.
Event subsribers that makes redirect has high priority in the Drupal core. So what should have the module one?
- 1000: OptionsRequestSubscriber
- 1000: RedirectLeadingSlashesSubscriber
- 300: AuthenticationSubscriber
- 299: TimeZoneResolver
- 255: LanguageRequestSubscriber
- 240: This module
- 50: AjaxResponseSubscriber
- 30: MaintenanceModeSubscriber
- 29: DynamicPageCacheSubscriber
- 0: JsonApiRequestValidator
- 0: ReplicaKillSwitch
Do we need make Authentication or resolve Language/Time Zone in the request to public static file? If no, the module priority should be higher than 300 (after RedirectLeadingSlashesSubscriber)
Do we need show Maintenance Mode page or cache with Dynamic Page Cache? In this way the priority should be lower than 29.
Active
3.0
Code