From dcb385857b938b349d84a47bf0808f27c6b177b8 Mon Sep 17 00:00:00 2001
From: Yosry Ahmed
Date: Mon, 15 Jun 2020 23:08:48 +0000
Subject: [PATCH] CacheFilter bypasses cache for requests with authorization headers - #7198
Signed-off-by: Yosry Ahmed
---
 .../filters/http/cache/cache_filter_utils.cc | 2 +-
 .../filters/http/cache/cache_filter_utils_test.cc | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/source/extensions/filters/http/cache/cache_filter_utils.cc b/source/extensions/filters/http/cache/cache_filter_utils.cc
index 12fcf647be4e..30041abe69bf 100644
--- a/source/extensions/filters/http/cache/cache_filter_utils.cc
+++ b/source/extensions/filters/http/cache/cache_filter_utils.cc
@@ -12,7 +12,7 @@ bool CacheFilterUtils::isCacheableRequest(const Http::RequestHeaderMap& headers)
 const Http::HeaderValues& header_values = Http::Headers::get();
 // TODO(toddmgreer): Also serve HEAD requests from cache.
 // TODO(toddmgreer): Check all the other cache-related headers.
- return method && forwarded_proto && headers.Path() && headers.Host() &&
+ return method && forwarded_proto && !headers.Authorization() && headers.Path() && headers.Host() &&
 (method->value() == header_values.MethodValues.Get) &&
 (forwarded_proto->value() == header_values.SchemeValues.Http ||
 forwarded_proto->value() == header_values.SchemeValues.Https);
diff --git a/test/extensions/filters/http/cache/cache_filter_utils_test.cc b/test/extensions/filters/http/cache/cache_filter_utils_test.cc
index 4f90b47905b9..b43399b25602 100644
--- a/test/extensions/filters/http/cache/cache_filter_utils_test.cc
+++ b/test/extensions/filters/http/cache/cache_filter_utils_test.cc
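Review bot: In cache_filter_utils.cc, the new `!headers.Authorization()` term in the return expression of isCacheableRequest carries no comment explaining why authenticated requests are excluded, and it is the only credential signal the predicate looks at. A request that authenticates with a `cookie` header still counts as cacheable here, so keeping one user's response away from another depends on response-side checks that this hunk does not show. I would add above the return `// Requests carrying Authorization bypass the cache: a shared cache must not reuse their responses unless the response explicitly permits it (RFC 7234 section 3.2).` and extend the existing "other cache-related headers" TODO to name cookie-authenticated requests. The function starts and ends outside the hunk.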
@@ -33,23 +33,27 @@ IsCacheableRequestParams params[] = {
 false
 },
 {
- {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "https"}, {":authority", "test"}},
+ {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "https"}, {":authority", "test.com"}},
 true
 },
 {
- {{":path", "/"}, {":method", "POST"}, {"x-forwarded-proto", "https"}, {":authority", "test"}},
+ {{":path", "/"}, {":method", "POST"}, {"x-forwarded-proto", "https"}, {":authority", "test.com"}},
 false
 },
 {
- {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test"}},
+ {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}},
 true
 },
 {
- {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test"}},
+ {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}},
 true
 },
 {
- {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "ftp"}, {":authority", "test"}},
+ {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "ftp"}, {":authority", "test.com"}},
+ false
+ },
+ {
+ {{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "http"}, {":authority", "test.com"}, {"authorization", "basic YWxhZGRpbjpvcGVuc2VzYW1l"}},
 false
 },
 };
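Review bot: The last added table entry is the only coverage for the authorization bypass, and it exercises a single shape: a Basic credential together with `x-forwarded-proto: http`. The production check appears to test header presence rather than value, so I would pin that with a second entry using another scheme over https, e.g. `{{":path", "/"}, {":method", "GET"}, {"x-forwarded-proto", "https"}, {":authority", "test.com"}, {"authorization", "bearer <placeholder-token>"}}, false`. That way a later change that starts inspecting the value cannot quietly make token-authenticated requests cacheable again. The two consecutive GET/http entries on the new side are identical, so one of them could be repurposed for this case. The params array begins above the hunk.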