View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006215 | OXID eShop (all versions) | 4.08. Cache | public | 2015-08-12 09:04 | 2022-02-01 14:52 |
| Reporter | SvenDeichmann | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | confirmed | Resolution | open | ||
| Product Version | 4.9.4 / 5.2.4 | ||||
| Summary | 0006215: "Test Reverse Proxy's availability" in admin backend does not check for the same as the actual caching mechanism | ||||
| Description | As also stated in the documentation the button only fetches the start page und searches it for a 'X-Varnish' header. That is fine to check for a varnish in default configuration, but it does not really tell anything about the correct functionality of the ESI implementation and it is limited to varnish as caching proxy. The production code checks strpos($_SERVER["HTTP_SURROGATE_CAPABILITY"], 'varnish=ESI') !== false; instead. | ||||
| Steps To Reproduce | - set up a shop and varnish and enable reverse proxy caching with default config - check caching is working - add remove resp.http.X-Varnish; to your varnish so this header is removed - click the button "Test Reverse Proxy's availability" in admin backend - verify it says "failed" - verify caching still works fine | ||||
| Additional Information | It might be considered a security risk that Varnish tells that it is a varnish (see https://linax.wordpress.com/2011/01/27/varnish-cache-security-removing-default-headers/) so it might very well not tell anyone it is a varnish, but still provides nice caching functionality. | ||||
| Tags | No tags attached. | ||||
| Theme | All | ||||
| Browser | All | ||||
| PHP Version | All | ||||
| Database Version | All | ||||
