From 8f786268be23f4afe7e19ebdfba7fbe06786f1ab Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Thu, 14 Apr 2022 14:25:52 +0100
Subject: [PATCH] SECURITY: Ensure user-agent-based responses are cached separately (#16475)

---
 lib/middleware/anonymous_cache.rb | 10 ++++++++++
 spec/lib/middleware/anonymous_cache_spec.rb | 14 ++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/middleware/anonymous_cache.rb b/lib/middleware/anonymous_cache.rb
index f9a278a0208..270e71fb947 100644
--- a/lib/middleware/anonymous_cache.rb
+++ b/lib/middleware/anonymous_cache.rb
@@ -12,6 +12,8 @@ module Middleware
 @@cache_key_segments ||= {
 m: 'key_is_mobile?',
 c: 'key_is_crawler?',
+ o: 'key_is_old_browser?',
+ d: 'key_is_modern_mobile_device?',
 b: 'key_has_brotli?',
 t: 'key_cache_theme_ids',
 ca: 'key_compress_anon',
@@ -120,6 +122,14 @@ module Middleware
 end
 alias_method :key_is_crawler?, :is_crawler?
 
+ def key_is_modern_mobile_device?
+ MobileDetection.modern_mobile_device?(@env[USER_AGENT]) if @env[USER_AGENT]
+ end
+
+ def key_is_old_browser?
+ CrawlerDetection.show_browser_update?(@env[USER_AGENT]) if @env[USER_AGENT]
+ end
+
 def cache_key
 return @cache_key if defined?(@cache_key)
 
diff --git a/spec/lib/middleware/anonymous_cache_spec.rb b/spec/lib/middleware/anonymous_cache_spec.rb
index 88257a40de6..596732b81e0 100644
--- a/spec/lib/middleware/anonymous_cache_spec.rb
+++ b/spec/lib/middleware/anonymous_cache_spec.rb
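Review bot: The two key methods added in the second hunk carry no comment saying that they exist to partition the anonymous cache, which is the property this security fix establishes and the one a later change is most likely to break silently. I would add above `key_is_modern_mobile_device?` a comment along the lines of `# Responses vary on these user-agent checks, so they are part of the anonymous cache key; any new user-agent check that changes a response must also be registered in @@cache_key_segments`, and the same note belongs at the `o:`/`d:` registrations in the first hunk. Both methods read `@env[USER_AGENT]` twice; `ua = @env[USER_AGENT]` followed by `MobileDetection.modern_mobile_device?(ua) if ua` is the usual shape. Whether a missing user agent (`nil`) and a non-matching one (`false`) end up as distinct key segments depends on how `cache_key` serialises the segment values, which is outside the hunk.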
@@ -78,6 +78,20 @@ describe Middleware::AnonymousCache do
 end
 end
 
+ it "handles old browsers" do
+ SiteSetting.browser_update_user_agents = "my_old_browser"
+
+ key1 = new_helper("HTTP_USER_AGENT" => "my_old_browser").cache_key
+ key2 = new_helper("HTTP_USER_AGENT" => "my_new_browser").cache_key
+ expect(key1).not_to eq(key2)
+ end
+
+ it "handles modern mobile browsers" do
+ key1 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 7)").cache_key
+ key2 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 15)").cache_key
+ expect(key1).not_to eq(key2)
+ end
+
 context "cached" do
 let!(:helper) do
 new_helper("ANON_CACHE_DURATION" => 10)
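Review bot: Neither new example exercises a request without `HTTP_USER_AGENT`, which is exactly the branch the `if @env[USER_AGENT]` guards in the new key methods exist for; an example such as `expect { new_helper({}).cache_key }.not_to raise_error` would pin that path, assuming `new_helper` accepts an empty env the way it accepts the hashes used here. The "handles modern mobile browsers" example depends on `MobileDetection.modern_mobile_device?` classifying "iPhone OS 7" and "iPhone OS 15" differently, presumably a version threshold that lives outside this hunk; a one-line comment such as `# the two versions must straddle MobileDetection's modern-device cutoff` would explain the choice if that cutoff moves. The enclosing `describe` block starts before the hunk.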