Firstly you have to check headers response from your application in browser developer console - network tab.
X-Symfony-Header and you should see
So where is the problem?
I need manually to go through Symfony bootstrapping process via Xdebug and set up some breakpoints. The main goal was
setPrivate() method in
Symfony\Component\HttpFoundation\Response. You can see
Cache-Control header with
private sign (only public responses are cacheable).
Now you can see in one step back, that AbstractSessionListener::onKernelResponse has been called
What to do now?
You have to go through your code and find every try to set or get any data from/to SESSION | COOKIES.
But I am 100% sure, that I am not doing anything with SESSION | COOKIES
Donť say it and check your
app/config/security.yaml in Symfony < 4) config
firewalls rules and check your configuration. Because I had
main firewall patter to
^/ - every request will start SESSION and send COOKIE to the browser. So Symfony will set every response to be private!
Modify your default firewalls rule named
pattern: ^/(_(profiler|wdt)|css|images|js)/ to
pattern: ^/(_(profiler|wdt|fragment)|css|images|js). Yes, you have to remove trailing slash at the end of pattern! Do not forget to set
security: false on this
Reload your fragment url and you will see
GET /?fragment?hash...: stale, invalid, store or
Now it works! And you get super fast response with
GET /?fragment?hash...: fresh sign and working
If it helps, you are welcome ;o]