Skip to content

Fix Vary parsing in cache control enforcement#37426

Merged
ClearlyClaire merged 1 commit intomastodon:mainfrom
MegaManSec:b3
Jan 9, 2026
Merged

Fix Vary parsing in cache control enforcement#37426
ClearlyClaire merged 1 commit intomastodon:mainfrom
MegaManSec:b3

Conversation

@MegaManSec
Copy link
Contributor

@MegaManSec MegaManSec commented Jan 8, 2026

Parse the Vary response header as a comma-separated list instead of splitting on whitespace, so tokens like "Authorization, Accept-Language" correctly match "authorization" and trigger private/no-store when sensitive request headers are present.

@MegaManSec
Fix Vary parsing in cache control enforcement
8ee420a 
Parse the Vary response header as a comma-separated list instead of splitting on
whitespace, so tokens like "Authorization, Accept-Language" correctly match
"authorization" and trigger private/no-store when sensitive request headers are
present.
@ClearlyClaire ClearlyClaire added the to backport PR needed to be backported label Jan 9, 2026
@ClearlyClaire ClearlyClaire added this pull request to the merge queue Jan 9, 2026
Merged via the queue into mastodon:main with commit b55982c Jan 9, 2026
35 checks passed
ClearlyClaire pushed a commit that referenced this pull request Jan 16, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
415d4ea
ClearlyClaire pushed a commit that referenced this pull request Jan 16, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
4790c1c
ClearlyClaire pushed a commit that referenced this pull request Jan 16, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
e724c98
ClearlyClaire pushed a commit that referenced this pull request Jan 19, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
f7b6e57
ClearlyClaire pushed a commit that referenced this pull request Jan 19, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
d3551e1
ClearlyClaire pushed a commit that referenced this pull request Jan 19, 2026
@MegaManSec @ClearlyClaire
Fix Vary parsing in cache control enforcement (#37426)
7c9e17c
@ClearlyClaire ClearlyClaire removed the to backport PR needed to be backported label Jan 19, 2026
mistydemeo pushed a commit to mistydemeo/mastodon that referenced this pull request Jan 20, 2026
@MegaManSec @mistydemeo
Fix Vary parsing in cache control enforcement (mastodon#37426)
d0bf26a
kmycode pushed a commit to kmycode/mastodon that referenced this pull request Jan 20, 2026
@MegaManSec @kmycode
Fix Vary parsing in cache control enforcement (mastodon#37426)
d2de8ea
mimikun pushed a commit to mimikun/mastodon that referenced this pull request Jan 23, 2026
@MegaManSec @mimikun
Fix Vary parsing in cache control enforcement (mastodon#37426)
eb35ef0
mimikun pushed a commit to mimikun/mastodon that referenced this pull request Jan 23, 2026
@MegaManSec @mimikun
Fix Vary parsing in cache control enforcement (mastodon#37426)
6fff5d4
Ember-ruby pushed a commit to Ember-ruby/mastodon-glitch that referenced this pull request Jan 24, 2026
@MegaManSec @Ember-ruby
Fix Vary parsing in cache control enforcement (mastodon#37426)
9a2e34d
mo-rijndael pushed a commit to mastodon-ml/mastodon that referenced this pull request Jan 25, 2026
@MegaManSec @mo-rijndael
Fix Vary parsing in cache control enforcement (mastodon#37426)
f8e4250
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ClearlyClaire ClearlyClaire ClearlyClaire approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MegaManSec @ClearlyClaire

Comments