Development server must be restarted after each configuration change

[jelhan]

Changes to the configuration in config/ember-cli-content-security-policy.js are not reflected by a running development server instance even so they trigger a rebuild. A restart of the development server is required. This should be either documented or resolved.

[rwjblue]

What would we need to do to handle this without a restart? Obviously part of the issue is with require caching, but do all of our systems re-run for each request (if we bust that cache)?

[jelhan]

I debugged a little bit:

• As described above changing config/content-security-policy.js triggers a reload. But both the CSP header as well as CSP meta tag does not reflect the change.
• config and contentFor hooks are run when config/content-security-policy.js changes.
• serverMiddleware hook does not run when config/content-security-policy.js. But the express middleware registered in that hook runs on each request.
• The addon configuration is calculated ones and cached. There isn't any logic that invalidates the cache.

I guess there are two soulutions to this issue:

1. Not caching the calculated CSP and other configuration.
2. Invalidating that cache when config/content-security-policy.js changes.

I guess it's a decision between two tradeoffs: The time needed to calculate the CSP and other derived configuration on each reload and additional work needed for caching. I think we can ignore memory overhead. But the time needed to derive a caching key and comparing it to the key used for cached configuration should be significantly smaller than the time needed to calculate configuration. To be honest I'm not sure if caching pays off at the end of the day at all for this scenario.