  1. eZ Publish / Platform
  2. EZP-29817

Varnish - Purge requests with tokens

Details

    • [2.5] - Sprint 2
    • 1

    Description

      From p.sh

      Instead of doing network-level access control for purge (i.e. “all the clients inside the local network have access to purge”), we could do something token-based (i.e. “all the clients that have this token can purge”).

      This removes the need for circular relationships, because it means that the application can directly send HTTP requests to its own domain, via the internet.

      eZ may need to look at changing the VCL, and changing the way the application sends purge requests.

      sub vcl_recv {
              if (req.request == "PURGE") {
                      if (req.http.x-purge-token != "<a random token that only the app knows>") {
                              error 405 "Not allowed.";
                      }
                      return (lookup);
              }
      }
      
      sub vcl_hit {
              if (req.request == "PURGE") {
                      purge;
                      error 200 "Purged.";
              }
      }
      
      sub vcl_miss {
              if (req.request == "PURGE") {
                      purge;
                      error 200 "Purged.";
              }
      }
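
The application side of this proposal, as an added example that is not part of the ticket or of eZ Platform's code: a client sends `PURGE` with the `x-purge-token` header, and a local stand-in for the `vcl_recv` check (not Varnish) answers 200 or 405. The token value, the path `/article/42` and all function names are assumptions; the stand-in compares in constant time, whereas the VCL above uses a plain `!=`.

```python
import hmac
import http.client
import secrets
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

PURGE_TOKEN = secrets.token_urlsafe(32)  # constructed demo secret


class PurgeGate(BaseHTTPRequestHandler):
    """Local stand-in for the vcl_recv token check (not Varnish itself)."""

    def do_PURGE(self):
        supplied = self.headers.get("X-Purge-Token", "")
        # Constant-time compare; a missing header fails like a wrong token.
        ok = hmac.compare_digest(supplied.encode(), PURGE_TOKEN.encode())
        body = b"Purged." if ok else b"Not allowed."
        self.send_response(200 if ok else 405)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def send_purge(host, port, path, token=None):
    """Application side: PURGE `path`, attaching the token header if given."""
    headers = {"X-Purge-Token": token} if token is not None else {}
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("PURGE", path, headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()


def run_demo():
    """Start the stand-in on a free loopback port and send three requests."""
    server = socketserver.TCPServer(("127.0.0.1", 0), PurgeGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        cases = {"valid": PURGE_TOKEN, "wrong": "guess", "missing": None}
        return {k: send_purge(host, port, "/article/42", t) for k, t in cases.items()}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Because the purge request now travels over the internet rather than a private network, the header stays secret only if the request is sent over TLS.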
      

          People

            Unassigned Unassigned
            sylvain.guittard@ibexa.co Sylvain Guittard