Mark Bergsma has uploaded a new change for review.
https://gerrit.wikimedia.org/r/79762
Change subject: Make sure Set-Cookie responses are not cacheable, and log
violations
......................................................................
Make sure Set-Cookie responses are not cacheable, and log violations
Change-Id: Ia15b2dd16151fcabcb5fae8e6b8123572255c098
---
M templates/varnish/text-backend.inc.vcl.erb
1 file changed, 7 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/62/79762/1
diff --git a/templates/varnish/text-backend.inc.vcl.erb
b/templates/varnish/text-backend.inc.vcl.erb
index 1bad43d..33b4c5a 100644
--- a/templates/varnish/text-backend.inc.vcl.erb
+++ b/templates/varnish/text-backend.inc.vcl.erb
@@ -34,6 +34,13 @@
}
sub vcl_fetch {
+ /* Make sure Set-Cookie responses are not cacheable, and log violations
*/
+ if (beresp.ttl > 0 && beresp.http.Set-Cookie) {
+ std.log("Cacheable object with Set-Cookie found. req.url: " +
req.url + " Set-Cookie: " + beresp.http.Set-Cookie);
+ set beresp.ttl = 0;
+ set beresp.http.Cache-Control = "private, max-age=0,
s-maxage=0";
+ }
+
/* FIXME: Fix up missing Vary headers on Apache redirects */
if ((beresp.status == 301 || beresp.status == 302)
&& beresp.http.Location ~ "^http"
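Review bot: The `std.log` call in the new `if` block writes the full `beresp.http.Set-Cookie` value to the Varnish log, so every violation copies what may be a live session token to anyone or anything that reads that log. Logging only the cookie name is enough to find the offending backend response, for example `std.log("Cacheable object with Set-Cookie found. req.url: " + req.url + " Cookie name: " + regsub(beresp.http.Set-Cookie, "=.*", ""));`. `beresp.http.Set-Cookie` most likely yields only the first header when a response carries several, so the log line should not be taken as the complete list of cookies. A short comment above the block stating why these responses must never enter a shared cache (one user's cookie would be served to others) would help the next reader. The body of `vcl_fetch` continues outside this hunk, so any later code that adjusts `beresp.ttl` again is not visible here.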
--
To view, visit https://gerrit.wikimedia.org/r/79762
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia15b2dd16151fcabcb5fae8e6b8123572255c098
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>