Details
-
Bug
-
Resolution: Fixed
-
Critical
-
2.5.11
-
Clean installation of eZ Platform v2.5 - dev environment
Description
Description:
When using Compound Matcher the SimplifiedRequest object is being injected into the serialized_siteaccess_matcher with user specific's data like User-Agent data, which will be unable to be cached by Varnish.
Steps to reproduce:
- ezplatform.yml:
siteaccess: list: - test_site - test_site2 - test_site3 - test_site4 - test_site5 - admin groups: site_group: - test_site - test_site2 - test_site3 - test_site4 - test_site5 admin_group: - admin default_siteaccess: test_site match: URIElement: 1 Compound\LogicalAnd: test_site: matchers: Map\URI: site: true Map\Host: localhost: true match: test_site test_site2: matchers: Map\URI: site2: true Map\Host: localhost: true match: test_site2 test_site3: matchers: Map\URI: site3: true Map\Host: localhost: true match: test_site3 test_site4: matchers: Map\URI: site4: true Map\Host: localhost: true match: test_site4 test_site5: matchers: Map\URI: site5: true Map\Host: localhost: true match: test_site5 Map\Host: localhost: site # ... system: site_group: pagelayout: pagelayout.html.twig
- Configure Varnish
- Create pagelayout.html.twig:
<!doctype html> <html lang="en"> <body> <textarea readonly="readonly" style="width: 100%; height: 300px"> {{ render_esi(controller('ez_content:viewAction', {locationId: 42, viewType: 'line'} )) }} </textarea> {{ dump(render_esi(controller('ez_content:viewAction', {locationId: 42, viewType: 'line'} ))) }} </body> </html>
4. Observe the dumped <esi src=""> attribute
Result:
The mentioned attribute possesses the user's specific info.
Expected result:
The mentioned attribute doesn't possess the user's specific info.
Attachments
Issue Links
- relates to
-
EZP-31644 Compound SiteAccess matcher usage results in serializing error
- Closed
-
EZP-31667 Changes to serialization may result in 414 errors due to potential very big size of serialized_siteaccess_matcher
- Closed
-
EZP-31810 Compound SiteAccess matcher will include serialized 'pathinfo' and 'queryParams' attributes unnecessarily
- Closed