[MediaWiki-commits] [Gerrit] Filter out the Orig-Cookie header if coming from clients - change (operations/puppet)

Wed, 24 Jul 2013 06:32:32 -0700 

Mark Bergsma has submitted this change and it was merged.

Change subject: Filter out the Orig-Cookie header if coming from clients
......................................................................


Filter out the Orig-Cookie header if coming from clients

Change-Id: Ia3fad71253123f3813f23c6cf54a688967a257f9
---
M templates/varnish/text-common.inc.vcl.erb
M templates/varnish/text-frontend.inc.vcl.erb
2 files changed, 10 insertions(+), 1 deletion(-)

Approvals:
  Mark Bergsma: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/templates/varnish/text-common.inc.vcl.erb 
b/templates/varnish/text-common.inc.vcl.erb
index d08c72a..a0ca763 100644
--- a/templates/varnish/text-common.inc.vcl.erb
+++ b/templates/varnish/text-common.inc.vcl.erb
@@ -13,7 +13,9 @@
 }
 
 sub restore_cookie {
-       /* Restore the original Cookie header for upstream */
+       /* Restore the original Cookie header for upstream
+        * Assumes client header Orig-Cookie has been filtered!
+        */
        if (req.http.Orig-Cookie) {
                set req.http.Cookie = req.http.Orig-Cookie;
                unset req.http.Orig-Cookie;
diff --git a/templates/varnish/text-frontend.inc.vcl.erb 
b/templates/varnish/text-frontend.inc.vcl.erb
index 6a108aa..4385625 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -18,7 +18,14 @@
        }
 }
 
+sub filter_headers {
+       if (req.restarts == 0) {
+               unset req.http.Orig-Cookie;
+       }
+}
+
 sub vcl_recv {
+       call filter_headers;
        call vcl_recv_append_xff;
 
        /* Allow purging */

-- 
To view, visit https://gerrit.wikimedia.org/r/75590
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia3fad71253123f3813f23c6cf54a688967a257f9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <m...@wikimedia.org>
Gerrit-Reviewer: Mark Bergsma <m...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to