Branch deploys, deploy previews cause live production asset etag updates **security issue**

Branch deploys and deploy-preview deploys cause assets on my production site to have their etags updated.
I know this is true because my production PWA detects asset etag changes and alerts users that new content may be available, but all I’ve done is build and publish a staging/development branch (or so I thought).

My builds produce output to the same, non-source-controlled, local directory.

I don’t want to have to check in or keep track of assets of successful Netlify production deploys, and/or have to build to branch/PR specific output directories…
Does Netlify expect you to do this?

Regardless of what is going on here, a result like this is a very high security issue and should be extremely hard/impossible to do by accident/default.

My Netlify site name: suspicious-lalande-21fd48.netlify.app

What you describe does not sound like intended behavior nor like behavior that our system has :slight_smile: Due to your assertion that this was a security issue, I’ve asked the security team to review but I think they’ll ask what I’m asking: Can you please provide a reproduction case so we can examine in detail what is happening and guide you in changing your config to avoid this situation? I think it probably has to do with your custom caching headers, but until I can see it in action, it’s hard to be sure what is happening.

Thanks!

Fair (of course). As time permits, I’ll create a minimum reproducible example as a public repo.

Thank you! We will stay tuned for a response :slight_smile: