FormKey issues (URLs without / at the end)

Question

FormKey issues (URLs without / at the end)

DevYevhen opened this issue 6 years ago · 0 comments

FormKey ESI Response gets cached with wrong access settings (and served to all users) if router was changed to generate URLs without / at the end. (/turpentine/esi/getFormKey/ttl//method/esi/scope/global/access/private)
Symptoms are:

all forms with formkey stops to work (formkey error) if any other user requested a page with any form earlier.
you can see the same formkey for different users, but any other ESI block content are differ.

req.http.X-Varnish-Esi-Access calculation regex awaits URL with / at the end. If / is absent, then req.http.X-Varnish-Esi-Access would be wrong and vcl_hash will not add frontend cookie to hash calculation. Original regex:

set req.http.X-Varnish-Esi-Access = regsub(
                req.url, ".*/{{esi_cache_type_param}}/(\w+)/.*", "\1");

could be changed to something like that:

set req.http.X-Varnish-Esi-Access = regsub(
                req.url, ".*/{{esi_cache_type_param}}/(\w+)(/|\z).*", "\1");

to resolve issue.