Commit 191cbc164829db70588c9a6569eec981eb18becf

Authored by Antonio Terceiro
1 parent 62419e2b

varnish: don't leak HTTP cache headers to clients

This fixes issues when a not-logged-in user logs in, but still sees an
old page. This is because the user's browser has cached the page due to
having received it with 'Cache-Control: public, ...' headers. Now we
make varnish overwrite to always set 'Cache-Control: no-cache' so that
clients will always hit the server again.

Not-logged-in users will also always hit the server, but varnish
will still handle the requests directly for as long as it has a valid
cached version of the page.
Showing 1 changed file with 7 additions and 0 deletions
etc/noosfero/varnish-noosfero.vcl
... ... @@ -10,6 +10,13 @@ sub vcl_recv {
10 10 }
11 11 }
12 12  
  13 +sub vcl_deliver {
  14 + # Force clients to aways hit the server again for HTML pages
  15 + if (resp.http.Content-Type ~ "^text/html") {
  16 + set resp.http.Cache-Control = "no-cache";
  17 + }
  18 +}
  19 +
13 20 sub vcl_error {
14 21 set obj.http.Content-Type = "text/html; charset=utf-8";
15 22  
... ...
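Review bot: the assignment at new line 16, `set resp.http.Cache-Control = "no-cache";`, overwrites whatever the backend sent for every text/html response, so if the application ever marks a logged-in page `private` or `no-store`, that stricter directive is replaced by plain `no-cache`, which still allows a shared cache downstream of varnish to store the page. Setting "no-cache, private" instead, or rewriting only when the backend value contains `public`, would keep the fix without weakening stricter responses. This hunk also changes only Cache-Control, so an `Expires` header from the backend would still reach clients despite the commit title; an `unset resp.http.Expires;` inside the same `if` would cover that. Minor: "aways" in the comment at new line 14 should be "always".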