fix(cache): Set DONOTCACHEPAGE to true for ban and captcha walls to prevent them from being cached (#169)

* test(e2e): Fix playwright to 1.52 as there is ERR_ABORTED on page.goto with 1.53.0

* fix(cache): Set DONOTCACHEPAGE to true for ban and captcha walls

Author: julienloizelet

CHANGELOG.md

@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [2.11.1](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.11.1) - 2025-06-13
+[_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.11.0...v2.11.1)
+
+
+### Fixed
+
+- Set the `DONOTCACHEPAGE` constant to true for ban and captcha walls to prevent them from being cached by WordPress "cache" plugins.
+
+---
+
 ## [2.11.0](https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v2.11.0) - 2025-06-02
 [_Compare with previous release_](https://github.com/crowdsecurity/cs-wordpress-bouncer/compare/v2.10.0...v2.11.0)
 

crowdsec.php

@@ -4,7 +4,7 @@
  * Plugin URI: https://github.com/crowdsecurity/cs-wordpress-bouncer
  * Description: Safer Together. Protect your WordPress application with CrowdSec.
  * Tags: security, captcha, ip-blocker, crowdsec, hacker-protection, appsec
- * Version: 2.11.0
+ * Version: 2.11.1
  * Author: CrowdSec
  * Author URI: https://www.crowdsec.net/
  * Github: https://github.com/crowdsecurity/cs-wordpress-bouncer
@@ -13,7 +13,7 @@
  * Requires PHP: 7.2
  * Requires at least: 4.9
  * Tested up to: 6.8
- * Stable tag: 2.11.0
+ * Stable tag: 2.11.1
  * Text Domain: crowdsec-wp
  * First release: 2021.
  */

inc/Bouncer.php

@@ -433,6 +433,21 @@ protected function getCaptchaHtml(
         return $this->renderTemplate('captcha-wall.php', $configs);
     }
 
+    protected function sendResponse(string $body, int $statusCode): void
+    {
+        /**
+         * Ban and Captcha walls should not be cached.
+         * If the status code is 401 or 403, we define DONOTCACHEPAGE to true because some WordPress "cache" plugins
+         * use this constant to prevent caching of the page.
+         */
+        if(in_array($statusCode, [401, 403]) && !defined('DONOTCACHEPAGE')) {
+            define('DONOTCACHEPAGE', true);
+        }
+
+        parent::sendResponse($body,  $statusCode);
+    }
+
+
     protected function specialcharsDecodeEntQuotes(string $value): string
     {
         return htmlspecialchars_decode($value, \ENT_QUOTES);

inc/Constants.php

@@ -21,5 +21,5 @@ class Constants extends LibConstants
     public const BOUNCER_NAME = 'wordpress-bouncer';
     public const DEFAULT_BASE_FILE_PATH = __DIR__ . '/../../../../wp-content/uploads/crowdsec/';
     public const STANDALONE_CONFIG_PATH = __DIR__ . '/standalone-settings.php';
-    public const VERSION = 'v2.11.0';
+    public const VERSION = 'v2.11.1';
 }

readme.txt

@@ -4,7 +4,7 @@ Donate link: https://crowdsec.net/
 Tags: security, captcha, ip-blocker, crowdsec, hacker-protection
 Requires at least: 4.9
 Tested up to: 6.8
-Stable tag: 2.11.0
+Stable tag: 2.11.1
 Requires PHP: 7.2
 License: MIT
 License URI: https://opensource.org/licenses/MIT

tests/e2e-ddev/package.json

@@ -23,7 +23,7 @@
     "jest-playwright-preset": "^3.0.1",
     "jest-runner": "^29.4.2",
     "lodash": "^4.17.21",
-    "playwright-chromium": "^1.26.1",
+    "playwright-chromium": "1.52.0",
     "ws": "^7.4.6"
   }
 }