Vulnerability in EPiServer.Forms
We have noticed that images uploaded via the CMS are served with an Expires header. Currently we use the default value of 12 hours. We have encountered a problem where an Editor changes and image but re-uploads it with the same name.
This means the browser does not re-request the asset. The ETag does not change.
Is it possible to append some hash or GUID to Episerver images so that they have a unique name on each change?
We use Mads Kristensen approach (fingerprint) for bursting cache for static client side resources - http://madskristensen.net/post/cache-busting-in-aspnet
Maybe similar approach could be used for ages as well - like adding query string parameters at the end?! To generate unique query string you can use last modified date from content data..
Not sure if that's the best approach tho
Thanks Valdis! It worked.