SECURITY: Ensure user-agent-based responses are cached separately (st…
…able) (#16476)
davidtaylorhq committed Apr 14, 2022
1 parent 3ac1b3a commit b72b0da
Showing 2 changed files with 13 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/middleware/anonymous_cache.rb
@@ -12,6 +12,7 @@ def self.cache_key_segments
@@cache_key_segments ||= {
m: 'key_is_mobile?',
c: 'key_is_crawler?',
o: 'key_is_old_browser?',
b: 'key_has_brotli?',
t: 'key_cache_theme_ids',
ca: 'key_compress_anon',
@@ -114,6 +115,10 @@ def is_crawler?
end
alias_method :key_is_crawler?, :is_crawler?

def key_is_old_browser?
CrawlerDetection.show_browser_update?(@env[USER_AGENT]) if @env[USER_AGENT]
end

def cache_key
return @cache_key if defined?(@cache_key)

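Review bot: `key_is_old_browser?` carries no comment tying it to the rendering decision it mirrors, and the map in `cache_key_segments` is maintained by hand, so a later User-Agent-dependent branch in the response path could ship without a key segment and anonymous clients would again receive each other's cached variant. I would add above the method: `# Cache-key segment: must cover every place where CrawlerDetection.show_browser_update? changes the anonymous response.` The method also returns `nil` when `@env[USER_AGENT]` is absent; it is worth confirming that the key builder (not visible here) treats that the same as `false`. Both `cache_key_segments` and `cache_key` continue outside the hunks shown.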
8 changes: 8 additions & 0 deletions spec/components/middleware/anonymous_cache_spec.rb
@@ -80,6 +80,14 @@ def new_helper(opts = {})
end
end

it "handles old browsers" do
SiteSetting.browser_update_user_agents = "my_old_browser"

key1 = new_helper("HTTP_USER_AGENT" => "my_old_browser").cache_key
key2 = new_helper("HTTP_USER_AGENT" => "my_new_browser").cache_key
expect(key1).not_to eq(key2)
end

context "cached" do
let!(:helper) do
new_helper("ANON_CACHE_DURATION" => 10)
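Review bot: The "handles old browsers" example only asserts that the two keys differ, which would also pass if the raw User-Agent string were folded into the key, a regression that would give every distinct agent its own cache entry. A second non-matching agent pins the segment to the classification rather than the string: `key3 = new_helper("HTTP_USER_AGENT" => "another_new_browser").cache_key` followed by `expect(key2).to eq(key3)`. A request with no User-Agent header is not exercised either, although the new method has a separate branch for it.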
