Details
Story
Resolution: Done
High
[2.5] - Sprint 2
Description
From p.sh
Instead of doing network-level access control for purge (i.e. "all the clients inside the local network have access to purge"), we could do something token based (i.e. "all the clients that present this token can purge").
This removes the need for circular relationships, because the application can then send purge requests directly to its own public domain, via the internet, rather than needing a private route to the cache.
eZ may need to look at changing the VCL, and changing the way the application sends purge requests.
    # Gate PURGE on a shared secret in the x-purge-token header instead of
    # on the client's source address. Non-PURGE traffic is unaffected.
    sub vcl_recv {
        if (req.request == "PURGE") {
            if (req.http.x-purge-token != "<a random token that only the app knows>") {
                error 405 "Not allowed.";
            }
            return (lookup);
        }
    }

    # Both the hit and miss paths answer 200, so a purge of an object that
    # is not currently cached looks the same to the caller as a real purge.
    sub vcl_hit {
        if (req.request == "PURGE") {
            purge;
            error 200 "Purged.";
        }
    }

    sub vcl_miss {
        if (req.request == "PURGE") {
            purge;
            error 200 "Purged.";
        }
    }
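The flow the VCL above implements, modelled end to end as an added example (this is not the ticket's VCL nor eZ or platform.sh code): the application side builds the PURGE request carrying the token, and the cache side applies the same decision as vcl_recv / vcl_hit / vcl_miss. The header name x-purge-token comes from the VCL; the token value, URLs and cache contents are constructed sample data. One deliberate difference from the VCL's plain `!=` is the constant-time comparison, which is what a defender would want for any shared-secret check.

```python
"""Token-gated PURGE, modelled after the ticket's VCL (added example)."""
import hmac
import secrets
from dataclasses import dataclass, field

# Header name taken from the ticket's VCL (req.http.x-purge-token).
PURGE_TOKEN_HEADER = "x-purge-token"

# Constructed sample secret, shared only between the application and the
# cache configuration. In practice this lives in config on both sides.
PURGE_TOKEN = secrets.token_hex(32)


@dataclass
class Response:
    status: int
    reason: str


@dataclass
class Cache:
    """Stand-in for the cache store: URL -> cached body."""
    objects: dict = field(default_factory=dict)


def _normalise(headers):
    """HTTP header names are case-insensitive; compare on lowercase keys."""
    return {k.lower(): v for k, v in headers.items()}


def handle_request(method, url, headers, cache, token=PURGE_TOKEN):
    """Cache side: mirrors vcl_recv, vcl_hit and vcl_miss for PURGE.

    - PURGE without the right token -> 405 "Not allowed." (vcl_recv)
    - PURGE with the right token    -> object dropped, 200 "Purged."
      whether it was cached or not (vcl_hit and vcl_miss behave alike)
    - anything else                 -> normal cache lookup / backend fetch
    """
    if method == "PURGE":
        presented = _normalise(headers).get(PURGE_TOKEN_HEADER, "")
        # Constant-time compare; the VCL uses an ordinary string compare.
        if not hmac.compare_digest(presented.encode("utf-8"), token.encode("utf-8")):
            return Response(405, "Not allowed.")
        cache.objects.pop(url, None)
        return Response(200, "Purged.")

    # Normal traffic: serve from cache, otherwise "fetch" and store.
    if url in cache.objects:
        return Response(200, cache.objects[url])
    body = f"backend body for {url}"
    cache.objects[url] = body
    return Response(200, body)


def build_purge_request(url, token=PURGE_TOKEN):
    """Application side: the PURGE request the app sends to its own public
    domain over the internet, with the token in the header the VCL checks."""
    return {"method": "PURGE", "url": url, "headers": {PURGE_TOKEN_HEADER: token}}


if __name__ == "__main__":
    cache = Cache()
    handle_request("GET", "/news", {}, cache)
    print(handle_request("PURGE", "/news", {}, cache))          # 405 Not allowed.
    req = build_purge_request("/news")
    print(handle_request(req["method"], req["url"], req["headers"], cache))  # 200 Purged.
```

Because the token now travels in a header across the public internet, the cache must only accept it over TLS, and the secret needs the same rotation discipline as any other application credential.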