Mark Bergsma has submitted this change and it was merged.

Change subject: Make sure Set-Cookie responses are not cacheable, and log 
violations
......................................................................


Make sure Set-Cookie responses are not cacheable, and log violations

Change-Id: Ia15b2dd16151fcabcb5fae8e6b8123572255c098
---
M templates/varnish/text-backend.inc.vcl.erb
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  Mark Bergsma: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/templates/varnish/text-backend.inc.vcl.erb 
b/templates/varnish/text-backend.inc.vcl.erb
index 1bad43d..db0e1ec 100644
--- a/templates/varnish/text-backend.inc.vcl.erb
+++ b/templates/varnish/text-backend.inc.vcl.erb
@@ -34,6 +34,14 @@
 }
 
 sub vcl_fetch {
+       /* Make sure Set-Cookie responses are not cacheable, and log violations 
*/
+       if (beresp.ttl > 0s && beresp.http.Set-Cookie) {
+               std.log("Cacheable object with Set-Cookie found. req.url: " + 
req.url + " Cache-Control: " + beresp.http.Cache-Control + " Set-Cookie: " + 
beresp.http.Set-Cookie);
+               set beresp.http.Cache-Control = "private, max-age=0, 
s-maxage=0";
+               set beresp.ttl = 0s;
+               return (hit_for_pass);
+       }
+
        /* FIXME: Fix up missing Vary headers on Apache redirects */
        if ((beresp.status == 301 || beresp.status == 302)
                && beresp.http.Location ~ "^http"
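Review bot: The `std.log` call in the added block writes the full `beresp.http.Set-Cookie` value into the Varnish log, so session cookies and tokens become readable by anyone with access to that log or to whatever ships it onward. The cookie name is enough to find the offending backend response, so log `regsub(beresp.http.Set-Cookie, "=.*", "=<redacted>")` instead of the raw header; query strings in `req.url` deserve the same thought. Separately, `set beresp.ttl = 0s;` right before `return (hit_for_pass);` probably makes the hit-for-pass marker expire at once, which may serialize concurrent requests for the same URL. A short positive TTL there (the stock Varnish 3 VCL uses 120s) is worth considering. `vcl_fetch` continues beyond the hunk, so any later handling of these responses is not visible here.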

-- 
To view, visit https://gerrit.wikimedia.org/r/79762
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia15b2dd16151fcabcb5fae8e6b8123572255c098
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: jenkins-bot
