Strict content validation for cache-busted URLs #203
Description
This issue tracks a future enhancement to add strict validation that ensures cache-busted URLs only return content matching their embedded hash.
Context:
The current cache busting implementation in PR #192 strips the hash from incoming URLs and serves the underlying file. However, it doesn't validate that the hash in the URL matches the actual content being served. This was discussed on Slack as a potential enhancement.
Proposed Enhancement:
Add optional strict mode where:
- The middleware validates the hash in the URL against the actual file content
- Returns 404 or appropriate error if the hash doesn't match
- Ensures clients never receive stale content for cache-busted URLs
- Provides stronger guarantees about cache coherency
Trade-offs:
- Additional overhead for hash validation on each request
- May not be necessary for all use cases
- Current implementation already provides good cache busting behavior
Related:
- Implementation PR: feat: Adds support for cache busting #192
- Slack discussion (referenced in PR comments)
Priority:
Future enhancement - can be implemented if specific use cases require stronger guarantees.
Requested by: @nielsenko