Fix: Static assets should not have the same rate limit (#6360)

Co-authored-by: Robert Brennan <accounts@rbren.io> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>
2026-03-22 13:47:19 +08:00 · 2025-01-20 14:55:49 -07:00
parent d30211da18
commit b6804f9e1e
2 changed files with 17 additions and 5 deletions
--- a/openhands/server/middleware.py
+++ b/openhands/server/middleware.py
@@ -8,6 +8,7 @@ from fastapi import Request, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
 from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request as StarletteRequest
 from starlette.types import ASGIApp

 from openhands.server.shared import session_manager
@@ -36,14 +37,17 @@ class LocalhostCORSMiddleware(CORSMiddleware):
        return super().is_allowed_origin(origin)


-class NoCacheMiddleware(BaseHTTPMiddleware):
+class CacheControlMiddleware(BaseHTTPMiddleware):
    """
    Middleware to disable caching for all routes by adding appropriate headers
    """

    async def dispatch(self, request, call_next):
        response = await call_next(request)
-        if not request.url.path.startswith('/assets'):
+        if request.url.path.startswith('/assets'):
+            # The content of the assets directory has fingerprinted file names so we cache aggressively
+            response.headers['Cache-Control'] = 'public, max-age=2592000, immutable'
+        else:
            response.headers['Cache-Control'] = (
                'no-cache, no-store, must-revalidate, max-age=0'
            )
@@ -95,7 +99,9 @@ class RateLimitMiddleware(BaseHTTPMiddleware):
        super().__init__(app)
        self.rate_limiter = rate_limiter

-    async def dispatch(self, request, call_next):
+    async def dispatch(self, request: StarletteRequest, call_next):
+        if not self.is_rate_limited_request(request):
+            return await call_next(request)
        ok = await self.rate_limiter(request)
        if not ok:
            return JSONResponse(
@@ -105,6 +111,12 @@ class RateLimitMiddleware(BaseHTTPMiddleware):
            )
        return await call_next(request)

+    def is_rate_limited_request(self, request: StarletteRequest):
+        if request.url.path.startswith('/assets'):
+            return False
+        # Put Other non rate limited checks here
+        return True
+

 class AttachConversationMiddleware(SessionMiddlewareInterface):
    def __init__(self, app):