LowFile-scopeC# Plug & play

StaticFileOptions with cache policy and types

Configure UseStaticFiles with OnPrepareResponse to set "Cache-Control: public, max-age=31536000, immutable" for hashed assets and "no-cache" for HTML; ensure correct Content-Type (e.g., "font/woff2", "text/css").

Add to Mesrai Open workspace

Why this matters

Explicit headers and MIME types avoid stale assets and incorrect rendering.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

app.UseStaticFiles(); // default caching and types

Prefer

app.UseStaticFiles(new StaticFileOptions{ OnPrepareResponse = ctx => { var p = ctx.File.Name; if(hashRegex.IsMatch(p)) ctx.Context.Response.Headers["Cache-Control"] = "public, max-age=31536000, immutable"; else if(p.EndsWith(".html")) ctx.Context.Response.Headers["Cache-Control"] = "no-cache"; } });

More snippets

Good

ctx.Context.Response.Headers["Cache-Control"] = "public, max-age=31536000, immutable"

Bad

app.UseStaticFiles(); // defaults

Related rules

From the same buckets as this rule.

Critical
Fingerprint assets and cache immutably
All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.
web-static-assetscaching-strategy+2
High
Compress text assets with Brotli/Gzip and set Vary
Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).
web-static-assetsperformance-efficiency+1
High
Immutable cache and Vary for precompressed files
Serve precompressed .br/.gz variants when the client sends Accept-Encoding, set "Vary: Accept-Encoding", and apply immutable caching for hashed assets; keep HTML revalidatable.
web-static-assetscaching-strategy+1

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

app.UseStaticFiles(); // default caching and types

Prefer

app.UseStaticFiles(new StaticFileOptions{ OnPrepareResponse = ctx => { var p = ctx.File.Name; if(hashRegex.IsMatch(p)) ctx.Context.Response.Headers["Cache-Control"] = "public, max-age=31536000, immutable"; else if(p.EndsWith(".html")) ctx.Context.Response.Headers["Cache-Control"] = "no-cache"; } });

More snippets

Good

ctx.Context.Response.Headers["Cache-Control"] = "public, max-age=31536000, immutable"

Bad

app.UseStaticFiles(); // defaults

Related rules

From the same buckets as this rule.

Critical

Fingerprint assets and cache immutably

All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.

web-static-assetscaching-strategy+2

High

Compress text assets with Brotli/Gzip and set Vary

Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).

web-static-assetsperformance-efficiency+1

High

Immutable cache and Vary for precompressed files

Serve precompressed .br/.gz variants when the client sends Accept-Encoding, set "Vary: Accept-Encoding", and apply immutable caching for hashed assets; keep HTML revalidatable.

web-static-assetscaching-strategy+1