SECURITY: Ensure user-agent-based responses are cached separately (#16475)

2025-05-24 14:12:10 +08:00 · 2022-04-14 14:25:52 +01:00
parent b7230d14a3
commit 8f786268be
2 changed files with 24 additions and 0 deletions
--- a/spec/lib/middleware/anonymous_cache_spec.rb
+++ b/spec/lib/middleware/anonymous_cache_spec.rb
@ -78,6 +78,20 @@ describe Middleware::AnonymousCache do
      end
    end

+    it "handles old browsers" do
+      SiteSetting.browser_update_user_agents = "my_old_browser"
+
+      key1 = new_helper("HTTP_USER_AGENT" => "my_old_browser").cache_key
+      key2 = new_helper("HTTP_USER_AGENT" => "my_new_browser").cache_key
+      expect(key1).not_to eq(key2)
+    end
+
+    it "handles modern mobile browsers" do
+      key1 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 7)").cache_key
+      key2 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 15)").cache_key
+      expect(key1).not_to eq(key2)
+    end
+
    context "cached" do
      let!(:helper) do
        new_helper("ANON_CACHE_DURATION" => 10)