From aa835ce63d87b937c4eb26e5cc1dfe40d7a072be Mon Sep 17 00:00:00 2001
From: Ancocodet
Date: Tue, 17 Jan 2023 13:20:19 +0100
Subject: [PATCH] fix content negotiation (#265) (#273)
Add conditions for the HTTP "Accept" header to both cache generation and webserver configuration so that only HTML content is served from cache.
---
 inc/class-cachify.php | 7 +++++++
 inc/setup/cachify.hdd.htaccess.php | 1 +
 inc/setup/cachify.hdd.nginx.php | 3 +++
 inc/setup/cachify.memcached.nginx.php | 5 +++++
 4 files changed, 16 insertions(+)
diff --git a/inc/class-cachify.php b/inc/class-cachify.php
index 4a91d1af..78da24ea 100644
--- a/inc/class-cachify.php
+++ b/inc/class-cachify.php
@@ -1339,6 +1339,13 @@ private static function _skip_cache() {
 return true;
 }
+ /* Content Negotiation */
+
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+ if ( isset( $_SERVER['HTTP_ACCEPT'] ) && false === strpos( $_SERVER['HTTP_ACCEPT'], 'text/html' ) ) {
+ return true;
+ }
+
 return false;
 }
diff --git a/inc/setup/cachify.hdd.htaccess.php b/inc/setup/cachify.hdd.htaccess.php
index 1f64549a..4ab3335c 100644
--- a/inc/setup/cachify.hdd.htaccess.php
+++ b/inc/setup/cachify.hdd.htaccess.php
@@ -26,6 +26,7 @@ RewriteRule .* - [E=CACHIFY_DIR:/]
 {{GZIP}}
 # Main Rules
+ RewriteCond %{HTTP_ACCEPT} .*text/html.*
 RewriteCond %{REQUEST_METHOD} GET
 RewriteCond %{QUERY_STRING} =""
 RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-content/cache)/.*
diff --git a/inc/setup/cachify.hdd.nginx.php b/inc/setup/cachify.hdd.nginx.php
index 7aaf1f04..38b001c6 100644
--- a/inc/setup/cachify.hdd.nginx.php
+++ b/inc/setup/cachify.hdd.nginx.php
@@ -24,6 +24,9 @@ if ( $query_string ) {
 return 405;
 }
+ if ( $http_accept !~* "text/html" ) {
+ return 405;
+ }
 if ( $request_method = POST ) {
 return 405;
 }
diff --git a/inc/setup/cachify.memcached.nginx.php b/inc/setup/cachify.memcached.nginx.php
index 2b737b8c..ca3b1518 100644
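Review bot: The Accept check added to `_skip_cache()` in inc/class-cachify.php uses case-sensitive `strpos`, while the nginx rules in the same commit match with `!~*` (case-insensitive) and the `.htaccess` condition `RewriteCond %{HTTP_ACCEPT} .*text/html.*` carries no `[NC]`, so a header such as `Text/HTML` is judged differently by each layer. Media type names are case-insensitive, so `false === stripos( $_SERVER['HTTP_ACCEPT'], 'text/html' )` here and `RewriteCond %{HTTP_ACCEPT} text/html [NC]` in inc/setup/cachify.hdd.htaccess.php would keep cache generation and cache delivery in agreement. The `phpcs:ignore` looks acceptable because the header is only compared, but the reason should be written next to it, e.g. `// Accept header is only compared, never stored or output.`. The function body starts above this hunk, so the earlier skip conditions are not visible here.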
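Review bot: In inc/setup/cachify.hdd.nginx.php the condition `$http_accept !~* "text/html"` is also true for a request with no Accept header and for one that sends only a wildcard such as `*/*`, so those requests take `return 405` as well, whereas the PHP check in `_skip_cache()` skips only when the header is set. As a result, entries that PHP generates for header-less requests are never delivered by this rule, and every such client is handled by whatever serves the 405 (presumably an `error_page` defined outside this hunk), which matters when sizing backend capacity and rate limits. If this is intended, a comment above the block should say so, e.g. `# no "text/html" in Accept (including a missing header or */*): bypass the static cache`. The identical block added in inc/setup/cachify.memcached.nginx.php needs the same comment.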
--- a/inc/setup/cachify.memcached.nginx.php
+++ b/inc/setup/cachify.memcached.nginx.php
@@ -26,6 +26,11 @@ if ( $query_string ) {
 return 405;
 }
+
+ if ( $http_accept !~* "text/html" ) {
+ return 405;
+ }
+
 if ( $request_method = POST ) {
 return 405;
 }