Mark Bergsma has uploaded a new change for review. https://gerrit.wikimedia.org/r/75590
Change subject: Filter out the Orig-Cookie header if coming from clients ...................................................................... Filter out the Orig-Cookie header if coming from clients Change-Id: Ia3fad71253123f3813f23c6cf54a688967a257f9 --- M templates/varnish/text-common.inc.vcl.erb M templates/varnish/text-frontend.inc.vcl.erb 2 files changed, 10 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/90/75590/1 diff --git a/templates/varnish/text-common.inc.vcl.erb b/templates/varnish/text-common.inc.vcl.erb index d08c72a..a0ca763 100644 --- a/templates/varnish/text-common.inc.vcl.erb +++ b/templates/varnish/text-common.inc.vcl.erb @@ -13,7 +13,9 @@ } sub restore_cookie { - /* Restore the original Cookie header for upstream */ + /* Restore the original Cookie header for upstream + * Assumes client header Orig-Cookie has been filtered! + */ if (req.http.Orig-Cookie) { set req.http.Cookie = req.http.Orig-Cookie; unset req.http.Orig-Cookie; diff --git a/templates/varnish/text-frontend.inc.vcl.erb b/templates/varnish/text-frontend.inc.vcl.erb index 6a108aa..4385625 100644 --- a/templates/varnish/text-frontend.inc.vcl.erb +++ b/templates/varnish/text-frontend.inc.vcl.erb @@ -18,7 +18,14 @@ } } +sub filter_headers { + if (req.restarts == 0) { + unset req.http.Orig-Cookie; + } +} + sub vcl_recv { + call filter_headers; call vcl_recv_append_xff; /* Allow purging */ -- To view, visit https://gerrit.wikimedia.org/r/75590 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia3fad71253123f3813f23c6cf54a688967a257f9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mark Bergsma <m...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits