From d5fc56dfde62ea7d7f6bb01fd919c2fe45a847d5 Mon Sep 17 00:00:00 2001 From: Martynas Date: Fri, 22 Nov 2024 14:47:11 +0100 Subject: [PATCH] Hash user-specific content only when (X)HTML is returned --- platform/varnish.vcl.template | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/platform/varnish.vcl.template b/platform/varnish.vcl.template index 96ca4335f..0aee34334 100644 --- a/platform/varnish.vcl.template +++ b/platform/varnish.vcl.template @@ -75,20 +75,34 @@ sub vcl_hash { hash_data(req.url); hash_data(req.http.Host); - # include the client certificate in the hash, if it exists - if (req.http.Client-Cert) { - hash_data(req.http.Client-Cert); + # static resources are not user-dependent + if (req.url ~ "^/static/") { + return (lookup); } - # include LinkedDataHub.id_token cookie value in the hash, if it exists - if (req.http.X-LinkedDataHub-Id-Token) { - hash_data(req.http.X-LinkedDataHub-Id-Token); + # include user identifiers if flagged for user-specific content + if (req.http.X-User-Specific == "true") { + # include the client certificate in the hash, if it exists + if (req.http.Client-Cert) { + hash_data(req.http.Client-Cert); + } + + # include LinkedDataHub.id_token cookie value in the hash, if it exists + if (req.http.X-LinkedDataHub-Id-Token) { + hash_data(req.http.X-LinkedDataHub-Id-Token); + } } return (lookup); } sub vcl_backend_response { + /* flag user-specific content only when (X)HTML is returned */ + if (beresp.http.Content-Type ~ "text/html" || beresp.http.Content-Type ~ "application/xhtml+xml") { + set beresp.http.X-User-Specific = "true"; + set req.http.X-User-Specific = "true"; # pass to req for hash calculation + } + /* purge URLs after updates */ if ((beresp.status == 200 || beresp.status == 201 || beresp.status == 204) && bereq.method ~ "POST|PUT|DELETE|PATCH") { set beresp.http.X-LinkedDataHub = "Banned";