varnish: don't leak HTTP cache headers to clients

This fixes issues when a not-logged-id user logs in, but still sees an old page. This is because the user's browser has cached the page due to having received it with 'Cache-Control: public, ...' headers. Now we make varnish overwrite to always set 'Cache-Control: no-cache' so that clients will always hit the server again. For not-logged-in users will also always hit the server, but varnish will still handle the requests directly for as long as it has a valid cached version of the page.

varnish: don't leak HTTP cache headers to clients
This fixes issues when a not-logged-id user logs in, but still sees an old page. This is because the user's browser has cached the page due to having received it with 'Cache-Control: public, ...' headers. Now we make varnish overwrite to always set 'Cache-Control: no-cache' so that clients will always hit the server again. For not-logged-in users will also always hit the server, but varnish will still handle the requests directly for as long as it has a valid cached version of the page.
Antonio Terceiro
1 parent 62419e2b
Showing 1 changed file with 7 additions and 0 deletions Show diff stats
etc/noosfero/varnish-noosfero.vcl
@@ -10,6 +10,13 @@ sub vcl_recv {
   }
 }
+sub vcl_deliver {
+  # Force clients to aways hit the server again for HTML pages
+  if (resp.http.Content-Type ~ "^text/html") {
+    set resp.http.Cache-Control = "no-cache";
+  }
+}
+
 sub vcl_error {
     set obj.http.Content-Type = "text/html; charset=utf-8";
	@@ -10,6 +10,13 @@ sub vcl_recv {		@@ -10,6 +10,13 @@ sub vcl_recv {
10	}	10	}
11	}	11	}
12		12
		13	+sub vcl_deliver {
		14	+ # Force clients to aways hit the server again for HTML pages
		15	+ if (resp.http.Content-Type ~ "^text/html") {
		16	+ set resp.http.Cache-Control = "no-cache";
		17	+ }
		18	+}
		19	+
13	sub vcl_error {	20	sub vcl_error {
14	set obj.http.Content-Type = "text/html; charset=utf-8";	21	set obj.http.Content-Type = "text/html; charset=utf-8";
15		22