github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:21:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: theme key should be an anon cache breaker

Browse Source
This commit is contained in:
Sam
2017-06-15 09:36:27 -04:00
parent 8f48c20598
commit ac1f84d3e1
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/middleware/anonymous_cache.rb
View File

@ -15,6 +15,7 @@ module Middleware
def initialize(env)
@env = env
@request = Rack::Request.new(env)
end
def is_mobile=(val)
@ -54,7 +55,16 @@ module Middleware
end
def cache_key
@cache_key ||= "ANON_CACHE_#{@env["HTTP_ACCEPT"]}_#{@env["HTTP_HOST"]}#{@env["REQUEST_URI"]}|m=#{is_mobile?}|c=#{is_crawler?}|b=#{has_brotli?}"
@cache_key ||= "ANON_CACHE_#{@env["HTTP_ACCEPT"]}_#{@env["HTTP_HOST"]}#{@env["REQUEST_URI"]}|m=#{is_mobile?}|c=#{is_crawler?}|b=#{has_brotli?}|t=#{theme_key}"
end
def theme_key
key = @request.cookies['theme_key']
if key && Guardian.new.allow_theme?(key)
key
else
nil
end
end
def cache_key_body