From 7a953337fdb72d6c54d58271eb5e81cb2ffa3ba7 Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Wed, 25 May 2022 12:34:28 -0400 Subject: [PATCH 1/8] Initial VCL changes for Blue/Green Deploy --- etc/vcl_snippets/fetch.vcl | 6 +++--- etc/vcl_snippets/hash.vcl | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/etc/vcl_snippets/fetch.vcl b/etc/vcl_snippets/fetch.vcl index dfab500f..8f52647a 100644 --- a/etc/vcl_snippets/fetch.vcl +++ b/etc/vcl_snippets/fetch.vcl @@ -98,14 +98,14 @@ # init surrogate keys if (beresp.http.X-Magento-Tags) { - set beresp.http.Surrogate-Key = beresp.http.X-Magento-Tags " text"; + set beresp.http.Surrogate-Key = beresp.http.X-Magento-Tags + " text text-" + table.lookup(magentomodule_config, "current_version", "DEFAULT") ; } else { - set beresp.http.Surrogate-Key = "text"; + set beresp.http.Surrogate-Key = "text text-" + table.lookup(magentomodule_config, "current_version", "DEFAULT"); } # set surrogate keys by content type if they are image/script or CSS if (beresp.http.Content-Type ~ "(image|script|css)") { - set beresp.http.Surrogate-Key = re.group.1; + set beresp.http.Surrogate-Key = re.group + " " + re.group.1 + "-" + table.lookup(magentomodule_config, "current_version", "DEFAULT"); } } diff --git a/etc/vcl_snippets/hash.vcl b/etc/vcl_snippets/hash.vcl index da416ba7..938cdc54 100644 --- a/etc/vcl_snippets/hash.vcl +++ b/etc/vcl_snippets/hash.vcl @@ -1,3 +1,6 @@ + # Add support for versions of the cache depending on the blue/green model. If not specified default to DEFAULT + set req.hash += table.lookup(magentomodule_config, "current_version", "DEFAULT"); + if (req.http.graphql) { # GraphQL should cache on X-Magento-Cache-Id if available, which has a bunch of variations so it should be part of the key and not a Vary factor if (req.http.X-Magento-Cache-Id) { From 8ecd161681c943b4259e222530fdf75fe5be55f3 Mon Sep 17 00:00:00 2001 
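Review bot: In the image/script/css branch the new value starts with a bare `re.group`, which as printed has no capture index, unlike the `re.group.1` it replaces; if the intent is the plain type key plus a versioned one, the line should read `set beresp.http.Surrogate-Key = re.group.1 + " " + re.group.1 + "-" + table.lookup(magentomodule_config, "current_version", "DEFAULT");`. The same `table.lookup(...)` call is repeated in all three assignments, so a single `declare local var.version STRING;` set once at the top of the block would keep the keys from drifting apart. Later patches in this series key the cache on the per-request version while these keys stay on `current_version`, so it is worth confirming that a purge of `text-<version>` still reaches the objects it is meant to. The enclosing block starts and ends outside the hunk.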
From: Vladimir Vuksan Date: Fri, 3 Jun 2022 13:39:25 -0400 Subject: [PATCH 2/8] Update recv.vcl Add version routing based on next version. --- etc/vcl_snippets/recv.vcl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl index d1d0e798..616145a8 100644 --- a/etc/vcl_snippets/recv.vcl +++ b/etc/vcl_snippets/recv.vcl @@ -1,3 +1,13 @@ + if ( table.lookup(magentomodule_config, "current_version", "DEFAULT") != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) { + # Check if user has the deploy version + if ( req.http.Cookie:deploy_version != table.lookup(magentomodule_config, "current_version", "DEFAULT") + && req.http.Cookie:deploy_version != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) { + # Next Version differs from Current Version. Let's roll out a percentage of traffic + if (randombool(std.atoi(table.lookup(magentomodule_config, "rollout_percentage", "0")), 100)) { + set req.http.request_version = table.lookup(magentomodule_config, "next_version"); + } + } + # When using Magento tester to test whether your site is configured properly # this uses a bypass secret. By default we will use service ID as the bypass secret # however user can override this by defining a bypass_secret key in the From 20aa2ba3dfb5179aac96f7e4b5b88f22eb2f8ee2 Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Fri, 3 Jun 2022 13:41:34 -0400 Subject: [PATCH 3/8] Update hash.vcl --- etc/vcl_snippets/hash.vcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/vcl_snippets/hash.vcl b/etc/vcl_snippets/hash.vcl index 938cdc54..8c66174a 100644 --- a/etc/vcl_snippets/hash.vcl +++ b/etc/vcl_snippets/hash.vcl 
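Review bot: As shown, this block opens three `if` bodies but closes only two, so the outer `if` comparing `current_version` with `next_version` is left open and would either swallow the rest of the recv snippet or fail to compile; a closing `}` is needed before the blank line that ends the addition. The assignment also calls `table.lookup(magentomodule_config, "next_version")` without the `"DEFAULT"` fallback that the comparison above it uses, so when only `current_version` is present in the table the header is assigned a not-set value. `rollout_percentage` goes through `std.atoi` unchecked; a comment stating the expected 0–100 range, or a clamp, would make a mistyped table value fail safe.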
@@ -1,5 +1,5 @@ # Add support for versions of the cache depending on the blue/green model. If not specified default to DEFAULT - set req.hash += table.lookup(magentomodule_config, "current_version", "DEFAULT"); + set req.hash += req.http.request_version; if (req.http.graphql) { # GraphQL should cache on X-Magento-Cache-Id if available, which has a bunch of variations so it should be part of the key and not a Vary factor From b1dd515ea90d999026acb66358fa18f1fc68a24d Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Fri, 3 Jun 2022 13:43:22 -0400 Subject: [PATCH 4/8] Update recv.vcl --- etc/vcl_snippets/recv.vcl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl index 616145a8..3aab20d5 100644 --- a/etc/vcl_snippets/recv.vcl +++ b/etc/vcl_snippets/recv.vcl @@ -6,7 +6,12 @@ if (randombool(std.atoi(table.lookup(magentomodule_config, "rollout_percentage", "0")), 100)) { set req.http.request_version = table.lookup(magentomodule_config, "next_version"); } - } + } + + # If request version has not been set by rollout percentage set to current version + if ( !req.http.request_version ) { + set req.http.request_version = table.lookup(magentomodule_config, "current_version", "DEFAULT"); + } # When using Magento tester to test whether your site is configured properly # this uses a bypass secret. By default we will use service ID as the bypass secret From 16d2c9fd408659bf2e01df8d9b29fa1acb84502c Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Fri, 3 Jun 2022 13:59:55 -0400 Subject: [PATCH 5/8] Update deliver.vcl --- etc/vcl_snippets/deliver.vcl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/etc/vcl_snippets/deliver.vcl b/etc/vcl_snippets/deliver.vcl index 486e7487..e2a81066 100644 --- a/etc/vcl_snippets/deliver.vcl +++ b/etc/vcl_snippets/deliver.vcl 
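Review bot: `req.http.request_version` is an ordinary request header, and nothing visible in this series removes a copy sent by the client before it is added to `req.hash` here. The recv fallback in patch 4/8 only assigns it when it is not already set, patch 5/8 writes it into `Set-Cookie`, the header-reset block in patch 6/8 does not list it, and patch 8/8 carries the same pattern over to `Platformsh-Version`. A client-chosen value in the cache key fragments the cache and lets responses be stored under versions that do not exist in `magentomodule_config`. Clearing it at the edge before the rollout logic, e.g. `if (fastly.ff.visits_this_service == 0 && req.restarts == 0) { unset req.http.request_version; }`, keeps the value limited to what the table supplies.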
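Review bot: A visitor whose `deploy_version` cookie already equals `next_version` falls through to this fallback and is assigned `current_version`, because the block above only sets `request_version` on a `randombool` roll for visitors without a matching cookie. In the lines shown nothing maps the cookie back to the next version, so the assignment made by the rollout does not stick across requests. Before the fallback, add a branch that compares the cookie with the table value and sets the header from the table rather than from the cookie, e.g. `if (req.http.Cookie:deploy_version == table.lookup(magentomodule_config, "next_version", "DEFAULT")) { set req.http.request_version = table.lookup(magentomodule_config, "next_version", "DEFAULT"); }`. The enclosing `if` begins outside the hunk.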
@@ -3,6 +3,16 @@ return(deliver); } + if ( fastly.ff.visits_this_service == 0 ) { + if ( req.http.Cookie:deploy_version != req.http.request_version && req.http.request_version != table.lookup(magentomodule_config, "current_version", "DEFAULT") ) { + set beresp.http.Set-Cookie:deploy_version = req.http.request_version; + } + # Tell the browser to delete the deploy_version cookie if the requested_version is current version + if ( req.http.Cookie:deploy_version != "" && req.http.request_version == table.lookup(magentomodule_config, "current_version", DEFAULT ) ) { + add beresp.http.Set-Cookie = "deploy_version=DEFAULT; Expires=Wed Jun 01 2022 00:00:00 GMT"; + } + } + # Send no cache headers to end users for non-static content created by Magento if (resp.http.X-Magento-Tags && fastly.ff.visits_this_service == 0 ) { set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; From f008f787bc843fa20b58d60b58498c25edb52b0f Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Mon, 10 Oct 2022 11:31:59 -0400 Subject: [PATCH 6/8] Move edge VCL header resets to the top to avoid resetting them later --- etc/vcl_snippets/deliver.vcl | 2 +- etc/vcl_snippets/fetch.vcl | 4 ++++ etc/vcl_snippets/miss.vcl | 2 +- etc/vcl_snippets/pass.vcl | 2 +- etc/vcl_snippets/recv.vcl | 19 ++++++++----------- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/etc/vcl_snippets/deliver.vcl b/etc/vcl_snippets/deliver.vcl index 25b38eec..e6f220fc 100644 --- a/etc/vcl_snippets/deliver.vcl +++ b/etc/vcl_snippets/deliver.vcl @@ -39,7 +39,7 @@ # Add an easy way to see whether custom Fastly VCL has been uploaded if ( req.http.Fastly-Debug ) { - set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; } else { remove resp.http.Fastly-Module-Enabled; remove resp.http.fastly-page-cacheable; diff --git a/etc/vcl_snippets/fetch.vcl b/etc/vcl_snippets/fetch.vcl index 307a2d79..85489192 100644 --- a/etc/vcl_snippets/fetch.vcl 
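Review bot: Both new assignments write to `beresp.http.Set-Cookie`, while the surrounding lines of this deliver snippet use `resp.http.*`; `beresp` is the fetch-side object, so these should be `resp.http.Set-Cookie`. In the second condition the fallback is written as a bare `DEFAULT` rather than the string `"DEFAULT"` used everywhere else. The deletion cookie's `Expires=Wed Jun 01 2022 00:00:00 GMT` is not in the HTTP date form (`Wed, 01 Jun 2022 00:00:00 GMT`), and neither cookie sets `Path`, `Secure` or `SameSite`, so a browser may ignore the expiry or scope the two cookies differently. The same lines are carried unchanged into the rename in patch 8/8.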
+++ b/etc/vcl_snippets/fetch.vcl @@ -72,6 +72,7 @@ return (pass); } + # We are extending the default Fastly behavior to include no-cache/no-store in addition to private if (beresp.http.Cache-Control ~ "private|no-cache|no-store") { set req.http.Fastly-Cachetype = "PRIVATE"; return (pass); @@ -88,6 +89,9 @@ if (beresp.http.x-amz-request-id) { # If assets are coming from Amazon they may have no Cache-Control headers which may make them uncacheable + + # If the object is coming with no Expires, Surrogate-Control or Cache-Control headers we assume it's a misconfiguration + # and we will not cache it. This is to prevent inadventently caching private data } else if (!beresp.http.Expires && !beresp.http.Surrogate-Control ~ "max-age" && !beresp.http.Cache-Control ~ "(s-maxage|max-age)") { # Varnish sets default TTL if none of the headers above are present. If not set we want to make sure we don't cache it set beresp.ttl = 0s; diff --git a/etc/vcl_snippets/miss.vcl b/etc/vcl_snippets/miss.vcl index 1bb8a15f..a51e4628 100644 --- a/etc/vcl_snippets/miss.vcl +++ b/etc/vcl_snippets/miss.vcl @@ -3,4 +3,4 @@ unset bereq.http.Accept-Encoding; # Send VCL version uploaded to the backend - set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; diff --git a/etc/vcl_snippets/pass.vcl b/etc/vcl_snippets/pass.vcl index e3fe20d2..2939ca2d 100644 --- a/etc/vcl_snippets/pass.vcl +++ b/etc/vcl_snippets/pass.vcl @@ -12,4 +12,4 @@ } # Send VCL version uploaded to the backend - set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.189"; + set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.190"; diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl index 41092b31..ffd102eb 100644 --- a/etc/vcl_snippets/recv.vcl +++ b/etc/vcl_snippets/recv.vcl 
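Review bot: The comment added in the second fetch.vcl hunk sits inside the `if (beresp.http.x-amz-request-id) {` body, ahead of `} else if`, so it reads as a description of the Amazon branch although it explains the `else if` that follows. Move it into the `else if` body next to the existing `beresp.ttl = 0s` comment, or start it with "Otherwise," so the branch it documents is unambiguous; `inadventently` should be `inadvertently`. Both fetch.vcl hunks sit in blocks that begin outside the hunks.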
@@ -1,3 +1,11 @@ + # Don't allow clients to force a pass, mess with rate limiting or admin path + if (req.restarts == 0) { + unset req.http.x-pass; + unset req.http.Rate-Limit; + unset req.http.magento-admin-path; + } + unset req.http.x-long-cache; + # When using Magento tester to test whether your site is configured properly # this uses a bypass secret. By default we will use service ID as the bypass secret # however user can override this by defining a bypass_secret key in the @@ -44,8 +52,6 @@ } } - unset req.http.x-long-cache; - # We want to force long cache times on any of the versioned assets if (req.url.path ~ "^/static/version\d*/") { set req.http.x-long-cache = "1"; @@ -129,15 +135,6 @@ set req.url = querystring.regfilter(req.url, "^(####QUERY_PARAMETERS####)$"); } - # Don't allow clients to force a pass - if (req.restarts == 0) { - if ( !req.http.bypass-secret ) { - unset req.http.x-pass; - } - unset req.http.Rate-Limit; - unset req.http.magento-admin-path; - } - # Pass on checkout URLs. Because it's a snippet we want to execute this after backend selection so we handle it # in the request condition if (!req.http.x-long-cache && req.url ~ "/(checkout|customer/section/load)") { From cd3aa61df5ea167582f232b670cd9f31543215b8 Mon Sep 17 00:00:00 2001 From: Vladimir Vuksan Date: Tue, 11 Oct 2022 14:16:36 -0400 Subject: [PATCH 7/8] Bump to 1.2.190 --- Model/Layout/LayoutPlugin.php | 2 +- Release-Notes.md | 5 +++++ VERSION | 2 +- composer.json | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Model/Layout/LayoutPlugin.php b/Model/Layout/LayoutPlugin.php index 5506a016..abc06d44 100644 --- a/Model/Layout/LayoutPlugin.php +++ b/Model/Layout/LayoutPlugin.php 
@@ -108,7 +108,7 @@ public function afterGenerateElements(\Magento\Framework\View\Layout $subject) public function afterGetOutput(\Magento\Framework\View\Layout $subject, $result) // @codingStandardsIgnoreLine - unused parameter { if ($this->config->getType() === Config::FASTLY) { - $this->response->setHeader("Fastly-Module-Enabled", "1.2.189", true); + $this->response->setHeader("Fastly-Module-Enabled", "1.2.190", true); } return $result; diff --git a/Release-Notes.md b/Release-Notes.md index cae24cd4..451bca24 100644 --- a/Release-Notes.md +++ b/Release-Notes.md @@ -1,5 +1,10 @@ # Fastly_Cdn Release Notes +## 1.2.190 + +- Update WAF to WAF2020 https://github.com/fastly/fastly-magento2/pull/578 +- Response Plugin fixes https://github.com/fastly/fastly-magento2/pull/577 + ## 1.2.189 - Additional fix for rate limiting enablement errors https://github.com/fastly/fastly-magento2/pull/575 diff --git a/VERSION b/VERSION index 3cff2901..1b38fdcf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.189 +1.2.190 diff --git a/composer.json b/composer.json index 926dbe22..719c4245 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "zordius/lightncandy": "^1.2" }, "type": "magento2-module", - "version": "1.2.189", + "version": "1.2.190", "license": "BSD-3-Clause", "autoload": { "files": [ "registration.php" ], From 265f7282082ad8419481c9df615acc704cb8431c Mon Sep 17 00:00:00 2001 From: Arseni Lapunov Date: Mon, 5 Dec 2022 17:49:19 +0100 Subject: [PATCH 8/8] Rename version header to comply with nuntius --- etc/vcl_snippets/deliver.vcl | 6 +++--- etc/vcl_snippets/hash.vcl | 2 +- etc/vcl_snippets/recv.vcl | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/etc/vcl_snippets/deliver.vcl b/etc/vcl_snippets/deliver.vcl index 24b7023e..4cf49555 100644 --- a/etc/vcl_snippets/deliver.vcl +++ b/etc/vcl_snippets/deliver.vcl 
@@ -4,11 +4,11 @@ } if ( fastly.ff.visits_this_service == 0 ) { - if ( req.http.Cookie:deploy_version != req.http.request_version && req.http.request_version != table.lookup(magentomodule_config, "current_version", "DEFAULT") ) { - set beresp.http.Set-Cookie:deploy_version = req.http.request_version; + if ( req.http.Cookie:deploy_version != req.http.Platformsh-Version && req.http.Platformsh-Version != table.lookup(magentomodule_config, "current_version", "DEFAULT") ) { + set beresp.http.Set-Cookie:deploy_version = req.http.Platformsh-Version; } # Tell the browser to delete the deploy_version cookie if the requested_version is current version - if ( req.http.Cookie:deploy_version != "" && req.http.request_version == table.lookup(magentomodule_config, "current_version", DEFAULT ) ) { + if ( req.http.Cookie:deploy_version != "" && req.http.Platformsh-Version == table.lookup(magentomodule_config, "current_version", DEFAULT ) ) { add beresp.http.Set-Cookie = "deploy_version=DEFAULT; Expires=Wed Jun 01 2022 00:00:00 GMT"; } } diff --git a/etc/vcl_snippets/hash.vcl b/etc/vcl_snippets/hash.vcl index 8c66174a..a5c28fe9 100644 --- a/etc/vcl_snippets/hash.vcl +++ b/etc/vcl_snippets/hash.vcl @@ -1,5 +1,5 @@ # Add support for versions of the cache depending on the blue/green model. If not specified default to DEFAULT - set req.hash += req.http.request_version; + set req.hash += req.http.Platformsh-Version; if (req.http.graphql) { # GraphQL should cache on X-Magento-Cache-Id if available, which has a bunch of variations so it should be part of the key and not a Vary factor diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl index 48234285..33a8626d 100644 --- a/etc/vcl_snippets/recv.vcl +++ b/etc/vcl_snippets/recv.vcl 
@@ -12,13 +12,13 @@ && req.http.Cookie:deploy_version != table.lookup(magentomodule_config, "next_version", "DEFAULT") ) { # Next Version differs from Current Version. Let's roll out a percentage of traffic if (randombool(std.atoi(table.lookup(magentomodule_config, "rollout_percentage", "0")), 100)) { - set req.http.request_version = table.lookup(magentomodule_config, "next_version"); + set req.http.Platformsh-Version = table.lookup(magentomodule_config, "next_version"); } } # If request version has not been set by rollout percentage set to current version - if ( !req.http.request_version ) { - set req.http.request_version = table.lookup(magentomodule_config, "current_version", "DEFAULT"); + if ( !req.http.Platformsh-Version ) { + set req.http.Platformsh-Version = table.lookup(magentomodule_config, "current_version", "DEFAULT"); } # When using Magento tester to test whether your site is configured properly