MC-31987: Varnish graphql cache has to skip authenticated requests

Prabhu Ram · Prabhu Ram · commit 647080652c61 · 2020-03-10T13:39:39.000-05:00
- Modified vcl to not cache authorized requests for graphql
diff --git a/app/code/Magento/PageCache/etc/varnish4.vcl b/app/code/Magento/PageCache/etc/varnish4.vcl
@@ -108,6 +108,11 @@ sub vcl_recv {
         #unset req.http.Cookie;
     }
 
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" && req.http.Authorization ~ "^Bearer") {
+          # Authentificated customers should not be cached by default
+          return (pass);
+    }
+
     return (hash);
 }
 
@@ -123,7 +128,7 @@ sub vcl_hash {
         hash_data(server.ip);
     }
 
-    if (req.url ~ "/graphql") {
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=") {
         call process_graphql_headers;
     }
 
diff --git a/app/code/Magento/PageCache/etc/varnish5.vcl b/app/code/Magento/PageCache/etc/varnish5.vcl
@@ -109,6 +109,11 @@ sub vcl_recv {
         #unset req.http.Cookie;
     }
 
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" && req.http.Authorization ~ "^Bearer") {
+      # Authentificated customers should not be cached by default
+      return (pass);
+    }
+
     return (hash);
 }
 
@@ -130,7 +135,7 @@ sub vcl_hash {
     }
     /* {{ design_exceptions_code }} */
 
-    if (req.url ~ "/graphql") {
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" ) {
         call process_graphql_headers;
     }
 }
diff --git a/app/code/Magento/PageCache/etc/varnish6.vcl b/app/code/Magento/PageCache/etc/varnish6.vcl
@@ -109,6 +109,11 @@ sub vcl_recv {
         #unset req.http.Cookie;
     }
 
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" && req.http.Authorization ~ "^Bearer") {
+        # Authentificated customers should not be cached by default
+        return (pass);
+    }
+
     return (hash);
 }
 
@@ -130,7 +135,7 @@ sub vcl_hash {
     }
     /* {{ design_exceptions_code }} */
 
-    if (req.url ~ "/graphql") {
+    if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=") {
         call process_graphql_headers;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,11 @@ sub vcl_recv {`
`108`	`108`	`#unset req.http.Cookie;`
`109`	`109`	`}`
`110`	`110`
	`111`	`+ if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" && req.http.Authorization ~ "^Bearer") {`
	`112`	`+ # Authentificated customers should not be cached by default`
	`113`	`+ return (pass);`
	`114`	`+ }`
	`115`	`+`
`111`	`116`	`return (hash);`
`112`	`117`	`}`
`113`	`118`
`@@ -123,7 +128,7 @@ sub vcl_hash {`
`123`	`128`	`hash_data(server.ip);`
`124`	`129`	`}`
`125`	`130`
`126`		`- if (req.url ~ "/graphql") {`
	`131`	`+ if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=") {`
`127`	`132`	`call process_graphql_headers;`
`128`	`133`	`}`
`129`	`134`
Original file line number	Diff line number	Diff line change
`@@ -109,6 +109,11 @@ sub vcl_recv {`
`109`	`109`	`#unset req.http.Cookie;`
`110`	`110`	`}`
`111`	`111`
	`112`	`+ if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" && req.http.Authorization ~ "^Bearer") {`
	`113`	`+ # Authentificated customers should not be cached by default`
	`114`	`+ return (pass);`
	`115`	`+ }`
	`116`	`+`
`112`	`117`	`return (hash);`
`113`	`118`	`}`
`114`	`119`
`@@ -130,7 +135,7 @@ sub vcl_hash {`
`130`	`135`	`}`
`131`	`136`	`/* {{ design_exceptions_code }} */`
`132`	`137`
`133`		`- if (req.url ~ "/graphql") {`
	`138`	`+ if (req.method == "GET" && req.url ~ "/graphql" && req.url ~ "query=" ) {`
`134`	`139`	`call process_graphql_headers;`
`135`	`140`	`}`
`136`	`141`	`}`