Fix password-protected pages #74
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WordPress allows password protecting pages, per https://wordpress.org/support/article/using-password-protection/ When the end-user enters a password, WordPress sets a cookie value prefixed `wp-postpass_` followed by a hash for the URL. Previously, since cookies are stripped, the page just "reloads" the cached version after an end user enters the page password. This change to the VCL bypasses cache for folks with that cookie set. To be fair, this does seem awfully broad, but I'm not sure how to resolve this for only the specific URLs in question. So this is my cheap workaround for the moment. My hope is this at least sparks conversation or brings someone along who knows more about how to *more correctly* do this (page specific?) if this change doesn't seem right for you.
|
🤔 Maybe the Fastly plugin could hook the cookie check (I haven't looked at the password check method in a while, to see if it has hooks), and do something to only those specific responses, allowing just those pages to bypass cache? My knowledge of Varnish/VCL stuff fails me here. 🤷🏽♂️ Sorry. |
|
Faced the same issue, did the same fix. Find out this trying to add similar pull request, too bad it wasn't added. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #75
WordPress allows password protecting pages, per https://wordpress.org/support/article/using-password-protection/
When the end-user enters a password, WordPress sets a cookie value prefixed
wp-postpass_followed by a hash for the URL.Previously, since cookies are stripped, the page just "reloads" the cached version after an end user enters the page password.
This change to the VCL bypasses cache for folks with that cookie set.
To be fair, this does seem awfully broad (password cookies are page-specific), but I'm not sure how to resolve this for only the specific URLs in question. So this is my cheap workaround for the moment. My hope is this at least sparks conversation or brings someone along who knows more about how to more correctly do this (page specific?) if this change doesn't seem right for you.