-
Notifications
You must be signed in to change notification settings - Fork 381
VIP8: No pipe in builtin.vcl in V5
No matter how VIP6: What does pipe mean in Varnish5? turns out, pipe will not work as it used to in V5, and we need to decide what to do about builtin::vcl_recv{}
The return(pipe) clause in builtin.vcl dates back to V1 where a lot of corner cases of HTTP were not implemented, but we have added those over time, and I belive today pass can handle all relevant HTTP traffic.
A couple of odd-ball requests remain, CONNECT, OPTIONS and TRACE, and pipe might still be a relevant handling in some settings, but in most cases they will be evidence of ill intent on the part of the client.
Here is my suggestion:
sub vcl_recv {
if (req.method == "PRI" || /* HTTP/2.0 */
req.method == "CONNECT" ||
req.method == "OPTIONS" ||
req.method == "TRACE") {
return (synth(405));
}
if (req.method != "GET" && req.method != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if (req.http.Authorization || req.http.Cookie) {
/* Not cacheable by default */
return (pass);
}
return (hash);
}
-
@fgsch: For CORS, you need the OPTIONS method for preflight requests.
-
@phk: So you want to pass OPTIONS also ?
-
@fgsch: I don't know how common this is tbh. Perhaps it's just a matter of documenting it? OTOH, PROPFIND and other more obscure methods will be allowed so I'm more inclined to allow this by default. Is the not allowed list meant to catch up all the methods that would otherwise require pipe'ing?