[MediaWiki-commits] [Gerrit] Varnish: protect against external streampass header setting - change (operations/puppet)

Tue, 22 Mar 2016 07:53:21 -0700 

BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/278901

Change subject: Varnish: protect against external streampass header setting
......................................................................

Varnish: protect against external streampass header setting

e7c0cde0 added streaming for all passes, but fails to protect the
header from being set by users or other caches accidentally.

Change-Id: Ibc99831449cd306c82a6f1cbc34988497256f070
---
M modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/01/278901/1

diff --git a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb 
b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
index bd6da1c7..f7dbfed 100644
--- a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
@@ -179,6 +179,7 @@
 
 sub wm_common_recv_early {
        unset req.http.X-CDIS; // clear internal cache-disposition header
+       unset req.http.X-Pass-Stream; // clear internal streaming-pass header
 
        // XFF-appending is non-idempotent for restart purposes..
        if (req.restarts == 0) {

-- 
To view, visit https://gerrit.wikimedia.org/r/278901
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibc99831449cd306c82a6f1cbc34988497256f070
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to