CacheFilter bypasses cache for requests with authorization headers - e…

…nvoyproxy#7198 Signed-off-by: Yosry Ahmed <yosryahmed@google.com>
yosrym93 · Jun 15, 2020 · dcb3858 · dcb3858
1 parent 83b8b5f
commit dcb3858
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/source/extensions/filters/http/cache/cache_filter_utils.cc b/source/extensions/filters/http/cache/cache_filter_utils.cc
@@ -12,7 +12,7 @@ bool CacheFilterUtils::isCacheableRequest(const Http::RequestHeaderMap& headers)
   const Http::HeaderValues& header_values = Http::Headers::get();
   // TODO(toddmgreer): Also serve HEAD requests from cache.
   // TODO(toddmgreer): Check all the other cache-related headers.
-  return method && forwarded_proto && headers.Path() && headers.Host() &&
+  return method && forwarded_proto && !headers.Authorization() && headers.Path() && headers.Host() &&
          (method->value() == header_values.MethodValues.Get) &&
          (forwarded_proto->value() == header_values.SchemeValues.Http ||
           forwarded_proto->value() == header_values.SchemeValues.Https);

diff --git a/test/extensions/filters/http/cache/cache_filter_utils_test.cc b/test/extensions/filters/http/cache/cache_filter_utils_test.cc
@@ -33,23 +33,27 @@ IsCacheableRequestParams params[] = {
         false
     },
     {
-        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "https"}, {":authority", "test"}},
+        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "https"}, {":authority", "test.com"}},
         true
     },
     {
-        {{":path", "/"}, {":method", "POST"}, {"x-forwarded-proto", "https"}, {":authority", "test"}},
+        {{":path", "/"}, {":method", "POST"}, {"x-forwarded-proto", "https"}, {":authority", "test.com"}},
         false
     },
     {
-        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test"}},
+        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}},
         true
     },
     {
-        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test"}},
+        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}},
         true
     },
     {
-        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "ftp"}, {":authority", "test"}},
+        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "ftp"}, {":authority", "test.com"}},
+        false
+    },
+    {
+        {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}, {"authorization", "basic YWxhZGRpbjpvcGVuc2VzYW1l"}},
         false
     },
 };