77Working with Server Side Includes
88=================================
99
10- In a similar way as:doc: `ESI (Edge Side Includes) <esi >`, SSI can be used to
11- control HTTP caching on fragments of a response. The most important
12- difference that is SSI is known directly by most web servers like
13- `Apache <https://httpd.apache.org/docs/current/en/howto/ssi.html >`_,
14- `Nginx <https://nginx.org/en/docs/http/ngx_http_ssi_module.html >`_ etc.
10+ In a similar way as:doc: `ESI (Edge Side Includes) </http_cache/esi >`,
11+ SSI can be used to control HTTP caching on fragments of a response.
12+ The most important difference that is SSI is known directly by most
13+ web servers like `Apache `_, `Nginx `_ etc.
1514
16- The SSI instructions are donein HTML comments:
15+ The SSI instructions are donevia HTML comments:
1716
1817..code-block ::html
1918
@@ -29,15 +28,13 @@ The SSI instructions are done in HTML comments:
2928 </body >
3029 </html >
3130
32- There is some other `available directives
33- <https://en.wikipedia.org/wiki/Server_Side_Includes#Directives> `_ but
31+ There are some other `available directives `_ but
3432Symfony manages only the ``#include virtual `` one.
3533
3634..caution ::
3735
3836 Be careful with SSI, your website may be victim of injections.
39- Please read this OWASP article first:
40- https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection.
37+ Please read this `OWASP article `_ first!
4138
4239When the web server reads an SSI directive, it requests the given URI or gives
4340directly from its cache. It repeats this process until there is no more
@@ -57,7 +54,6 @@ First, to use SSI, be sure to enable it in your application configuration:
5754
5855# config/packages/framework.yaml
5956framework :
60- # ...
6157ssi :{ enabled: true }
6258
6359code-block ::xml
@@ -73,18 +69,16 @@ First, to use SSI, be sure to enable it in your application configuration:
7369 http://symfony.com/schema/dic/symfony/symfony-1.0.xsd" >
7470
7571 <framework : config >
76- <!-- ...-->
77- <framework : ssi enabled =" true"
72+ <framework : ssi enabled =" true"
7873 </framework : config >
7974 </container >
8075
8176code-block ::php
8277
8378 // config/packages/framework.php
84- $container->loadFromExtension('framework', array(
85- // ...
86- 'ssi' => array('enabled' => true),
87- ));
79+ $container->loadFromExtension('framework', [
80+ 'ssi' => ['enabled' => true],
81+ ]);
8882
8983
9084to cache a static GDPR content block. With SSI, you can add some expiration
@@ -131,7 +125,7 @@ The ``render_ssi`` twig helper will generate something like:
131125
132126<!-- #include virtual="/_fragment?_hash=abcdef1234&_path=_controller=App\Controller\ProfileController::gdpr"-->
133127
134- ``render_esi `` ensures that SSI directive are generated only if the request
128+ ``render_ssi `` ensures that SSI directive are generated only if the request
135129has the header requirement like ``Surrogate-Capability: device="SSI/1.0" ``
136130(normally given by the web server).
137131Otherwise it will embed directly the sub-response.
@@ -140,3 +134,8 @@ Otherwise it will embed directly the sub-response.
140134
141135 For more information about Symfony cache fragments, take a tour on
142136 the:ref: `ESI documentation <http_cache-fragments >`.
137+
138+ .. _`Apache` :https://httpd.apache.org/docs/current/en/howto/ssi.html
139+ .. _`Nginx` :https://nginx.org/en/docs/http/ngx_http_ssi_module.html
140+ .. _`available directives` :https://en.wikipedia.org/wiki/Server_Side_Includes#Directives
141+ .. _`OWASP article` :https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection