- Issue created by @drupalite1411
- 🇳🇿New Zealand quietone
Changes are made on 11.x (our main development branch) first, and are then back ported as needed according to our policies. Also, 10.2 is in security mode now.
We have an event subscriber which adds the 'referer' string to the Vary header in the response. CorsService.php appends the 'origin' Vary header and removes our Vary header in the code below:

```php
public function varyHeader(Response $response, $header): Response
{
    if (!$response->headers->has('Vary')) {
        $response->headers->set('Vary', $header);
    } elseif (!in_array($header, explode(', ', $response->headers->get('Vary')))) {
        // get() returns only the first Vary header line; any further lines are lost here.
        $response->headers->set('Vary', $response->headers->get('Vary') . ', ' . $header);
    }
    return $response;
}
```
Note: Page cache module is disabled. In the screenshots attached it is shown that we are getting 'cookie' and 'referer' in the Vary header, but in the above code $response->headers->get('Vary') is fetching only the first value of the Vary header, which is 'cookie' in this case, and adding 'origin' to the Vary header. If we add the priority, our event will be fired before the FinishResponse subscriber, which adds 'cookie' to the Vary header, and the order of the Vary header will be reversed, i.e. 'referer', 'cookie'. In this case we will get 'referer' in the response but cookie will be removed from Vary.
1. Add an event subscriber in the custom module. Subscribe to the kernel response event to add the Vary header.

```php
<?php
namespace Drupal\my_module\EventSubscriber; // placeholder module name
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class VaryRefererSubscriber implements EventSubscriberInterface {
  public static function getSubscribedEvents() {
    $events[KernelEvents::RESPONSE][] = ['onRespond'];
    return $events;
  }

  public function onRespond(ResponseEvent $event): void {
    $response = $event->getResponse();
    // FALSE appends a second Vary header line instead of replacing the first.
    $response->setVary('Referer', FALSE);
  }
}
```
2. When we load the page and inspect it, the referrer is missing from the Vary header.

```php
$events[KernelEvents::RESPONSE][] = ['onRespond', 1];
```

If we give it a priority, it resolves the issue but then it removes the cookie Vary header.

Something needs to be done so that in CorsService.php, $response->headers->get('Vary') fetches all values of the Vary header and adds 'origin' at the end of it instead of replacing them.
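A stand-alone reproduction of the behaviour described in this issue, written as an added example rather than taken from Drupal core or asm89/stack-cors. It assumes Symfony HttpFoundation is autoloadable (the vendor/autoload.php path is an assumption) and puts the quoted first-line-only merge beside a merge that reads every Vary header line through Response::getVary().

```php
<?php
// Assumption: Symfony HttpFoundation is installed, e.g. via Drupal's vendor/.
require_once __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Response;

// Same logic as the quoted CorsService::varyHeader(). HeaderBag::get() returns
// only the FIRST Vary header line, and set() then replaces all lines with it.
function varyHeaderFirstLineOnly(Response $response, string $header): Response
{
    if (!$response->headers->has('Vary')) {
        $response->headers->set('Vary', $header);
    } elseif (!in_array($header, explode(', ', $response->headers->get('Vary')))) {
        $response->headers->set('Vary', $response->headers->get('Vary') . ', ' . $header);
    }
    return $response;
}

// Corrected merge: Response::getVary() flattens every Vary line (split on
// commas and whitespace), so values added as extra lines survive the append.
function varyHeaderAllLines(Response $response, string $header): Response
{
    $vary = $response->getVary();
    if (!in_array($header, $vary, true)) {
        $vary[] = $header;
        $response->setVary(implode(', ', $vary)); // one line carrying every value
    }
    return $response;
}

// Constructed fixture: what FinishResponseSubscriber plus the subscriber from
// this issue produce, i.e. two separate Vary header lines.
function fixture(): Response
{
    $response = new Response('ok');
    $response->setVary('Cookie');          // first line
    $response->setVary('Referer', false);  // second line, not a replacement
    return $response;
}

// headers->all('Vary') returns one array element per header line.
echo "stack-cors style: ", implode(' | ', varyHeaderFirstLineOnly(fixture(), 'Origin')->headers->all('Vary')), "\n";
echo "getVary() style:  ", implode(' | ', varyHeaderAllLines(fixture(), 'Origin')->headers->all('Vary')), "\n";
```

The first line shows Referer dropped from the merged header, the second keeps Cookie, Referer and Origin; both a single comma-separated Vary line and several Vary lines are valid HTTP, so a merge must read all lines to avoid discarding what earlier subscribers set.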
Active
11.0 🔥