Branch deploys and deploy-preview deploys cause assets on my production site to have their etags updated.
I know this is true because my production PWA detects asset etag changes and alerts users that new content may be available, but all I’ve done is build and publish a staging/development branch (or so I thought).
My builds produce output to the same, non-source controlled, local directory.
I don’t want to have to check-in or keep track of assets of successful Netlify production deploys, and/or have to build to branch/PR specific output directories…
Does Netlify expect you to do this?
Regardless of what is going on here, a result like this is a very high security issue and should be extremely hard/impossible to do by accident/default.
My Netlify site name: suspicious-lalande-21fd48.netlify.app
Due to your assertion that this was a security issue, I’ve asked the security team to review but I think they’ll ask what I’m asking: Can you please provide a reproduction case so we can examine in detail what is happening and guide you in changing your config to avoid this situation? I think it probably has to due with your custom caching headers, but until I can see it in action, it’s hard to be sure what is happening.