fix content negotiation (pluginkollektiv#265) (pluginkollektiv#273)

Add conditions for the HTTP "Accept" header to both cache generation and webserver configuration so that only HTML content is served from cache.
timse201 · Jan 17, 2023 · aa835ce · aa835ce
1 parent 38345db
commit aa835ce
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 0 deletions.
diff --git a/inc/class-cachify.php b/inc/class-cachify.php
@@ -1339,6 +1339,13 @@ private static function _skip_cache() {
 			return true;
 		}
 
+		/* Content Negotiation */
+
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		if ( isset( $_SERVER['HTTP_ACCEPT'] ) && false === strpos( $_SERVER['HTTP_ACCEPT'], 'text/html' ) ) {
+			return true;
+		}
+
 		return false;
 	}
 

diff --git a/inc/setup/cachify.hdd.htaccess.php b/inc/setup/cachify.hdd.htaccess.php
@@ -26,6 +26,7 @@
   RewriteRule .* - [E=CACHIFY_DIR:/]
 {{GZIP}}
   # Main Rules
+  RewriteCond %{HTTP_ACCEPT} .*text/html.*
   RewriteCond %{REQUEST_METHOD} GET
   RewriteCond %{QUERY_STRING} =""
   RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-content/cache)/.*

diff --git a/inc/setup/cachify.hdd.nginx.php b/inc/setup/cachify.hdd.nginx.php
@@ -24,6 +24,9 @@
   if ( $query_string ) {
 	return 405;
   }
+  if ( $http_accept !~* "text/html" ) {
+	return 405;
+  }
   if ( $request_method = POST ) {
 	return 405;
   }

diff --git a/inc/setup/cachify.memcached.nginx.php b/inc/setup/cachify.memcached.nginx.php
@@ -26,6 +26,11 @@
   if ( $query_string ) {
 	return 405;
   }
+
+  if ( $http_accept !~* "text/html" ) {
+	return 405;
+  }
+
   if ( $request_method = POST ) {
 	return 405;
   }