Merge remote-tracking branch 'origin/2.5' into 2.5

ezsystems · May 5, 2020 · 39f0b9b · 39f0b9b
2 parents a33446c + 7db150f
commit 39f0b9b
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 13 deletions.
diff --git a/.env b/.env
@@ -14,7 +14,7 @@ PHP_IMAGE=ezsystems/php:7.3-v1
 PHP_IMAGE_DEV=ezsystems/php:7.3-v1-dev
 NGINX_IMAGE=nginx:stable
 MYSQL_IMAGE=healthcheck/mariadb
-SELENIUM_IMAGE=selenium/standalone-chrome-debug:3.141.59-oxygen
+SELENIUM_IMAGE=selenium/standalone-chrome-debug:3.141.59-20200326
 REDIS_IMAGE=healthcheck/redis
 
 APP_DOCKER_FILE=doc/docker/Dockerfile-app

diff --git a/.platform/varnish.vcl b/.platform/varnish.vcl
@@ -6,7 +6,7 @@
 // Make sure to at least adjust default parameters.yml, defaults there reflect our testing needs with docker.
 
 // Not applicable on Platform.sh:
-//vcl 4.1;
+//vcl 4.0;
 //import std;
 import xkey;
 
@@ -26,6 +26,7 @@ acl debuggers {
 
 // Called at the beginning of a request, after the complete request has been received
 sub vcl_recv {
+
     // Set the backend
     //set req.backend_hint = ezplatform;
     // Platform.sh specific:
@@ -116,6 +117,7 @@ sub vcl_hit {
 
 // Called when the requested object has been retrieved from the backend
 sub vcl_backend_response {
+
     if (bereq.http.accept ~ "application/vnd.fos.user-context-hash"
         && beresp.status >= 500
     ) {
@@ -194,13 +196,14 @@ sub ez_purge_acl {
 
 // Sub-routine to get client user context hash, used to for being able to vary page cache on user rights.
 sub ez_user_context_hash {
+
     // Prevent tampering attacks on the hash mechanism
     if (req.restarts == 0
         && (req.http.accept ~ "application/vnd.fos.user-context-hash"
             || req.http.x-user-hash
         )
     ) {
-        return (synth(400));
+        return (synth(400, "Bad Request"));
     }
 
     if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) {
@@ -248,7 +251,7 @@ sub ez_invalidate_token {
             || req.http.x-backend-invalidate-token
         )
     ) {
-        return (synth(400));
+        return (synth(400, "Bad Request"));
     }
 
     if (req.restarts == 0 && req.method == "PURGE" && req.http.x-invalidate-token) {

diff --git a/behat.yml.dist b/behat.yml.dist
@@ -16,6 +16,7 @@ default:
                 capabilities:
                     extra_capabilities:
                         chromeOptions:
+                            w3c: false
                             args:
                                 - "--window-size=1440,1080"
                                 - "--no-sandbox"

diff --git a/doc/varnish/vcl/varnish4_xkey.vcl b/doc/varnish/vcl/varnish4_xkey.vcl
@@ -116,6 +116,19 @@ sub vcl_backend_response {
 
     // Make Varnish keep all objects for up to 1 hour beyond their TTL, see vcl_hit for Request logic on this
     set beresp.grace = 1h;
+
+    // Compressing the content
+    if (beresp.http.Content-Type ~ "application/javascript"
+        || beresp.http.Content-Type ~ "application/json"
+        || beresp.http.Content-Type ~ "application/vnd.ms-fontobject"
+        || beresp.http.Content-Type ~ "application/vnd.ez.api"
+        || beresp.http.Content-Type ~ "application/x-font-ttf"
+        || beresp.http.Content-Type ~ "image/svg+xml"
+        || beresp.http.Content-Type ~ "text/css"
+        || beresp.http.Content-Type ~ "text/plain"
+    ) {
+        set beresp.do_gzip = true;
+    }
 }
 
 // Handle purge
@@ -156,13 +169,11 @@ sub ez_purge {
 }
 
 sub ez_purge_acl {
-//    if (req.http.x-purge-token) {
-//        #  Won't work on Varnish <= 5.1, if needed in 4.1 you can hardcode a secret token here instead of std.getenv() usage
-//        if (req.http.x-purge-token != std.getenv("HTTPCACHE_VARNISH_INVALIDATE_TOKEN")) {
-//            return (synth(405, "Method not allowed"));
-//        }
-//    } else if  (!client.ip ~ invalidators) {
-    if  (!client.ip ~ invalidators) {
+    if (req.http.x-invalidate-token) {
+        if (req.http.x-invalidate-token != req.http.x-backend-invalidate-token) {
+            return (synth(405, "Method not allowed"));
+        }
+    } else if  (!client.ip ~ invalidators) {
         return (synth(405, "Method not allowed"));
     }
 }
@@ -176,7 +187,7 @@ sub ez_user_context_hash {
             || req.http.x-user-hash
         )
     ) {
-        return (synth(400));
+        return (synth(400, "Bad Request"));
     }
 
     if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) {
@@ -224,7 +235,7 @@ sub ez_invalidate_token {
             || req.http.x-backend-invalidate-token
         )
     ) {
-        return (synth(400));
+        return (synth(400, "Bad Request"));
     }
 
     if (req.restarts == 0 && req.method == "PURGE" && req.http.x-invalidate-token) {