Changeset 3005252

Timestamp:

12/04/2023 06:25:01 PM (16 months ago)

Author:

unbouncewordpress

Message:

Releasing version 1.1.1

Location:

unbounce

Files:

• tags/1.1.1 (copied) (copied from unbounce/trunk)
• tags/1.1.1/UBConfig.php (modified) (15 diffs)
• tags/1.1.1/UBDiagnostics.php (modified) (3 diffs)
• tags/1.1.1/UBHTTP.php (modified) (21 diffs)
• tags/1.1.1/Unbounce-Page.php (modified) (4 diffs)
• tags/1.1.1/js/set-unbounce-domains.js (modified) (2 diffs)
• tags/1.1.1/readme.txt (modified) (2 diffs)
• tags/1.1.1/templates/authorize_button.php (modified) (1 diff)
• tags/1.1.1/templates/diagnostics.php (modified) (2 diffs)
• tags/1.1.1/templates/main_authorized_footer.php (modified) (1 diff)
• tags/1.1.1/templates/main_unauthorized_footer.php (modified) (1 diff)
• tags/1.1.1/templates/settings_response_headers_forwarded.php (modified) (1 diff)
• trunk/UBConfig.php (modified) (15 diffs)
• trunk/UBDiagnostics.php (modified) (3 diffs)
• trunk/UBHTTP.php (modified) (21 diffs)
• trunk/Unbounce-Page.php (modified) (4 diffs)
• trunk/js/set-unbounce-domains.js (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/templates/authorize_button.php (modified) (1 diff)
• trunk/templates/diagnostics.php (modified) (2 diffs)
• trunk/templates/main_authorized_footer.php (modified) (1 diff)
• trunk/templates/main_unauthorized_footer.php (modified) (1 diff)
• trunk/templates/settings_response_headers_forwarded.php (modified) (1 diff)

unbounce/tags/1.1.1/UBConfig.php

@@ -3 +3 @@
 class UBConfig
 {
+    const DYNAMIC_CONFIG_DEFAULT_TIMEOUT = 86400;
+    const DYNAMIC_CONFIG_FAILURE_TIMEOUT = 1200;
 
     const UB_PLUGIN_NAME           = 'ub-wordpress';
     const UB_CACHE_TIMEOUT_ENV_KEY = 'UB_WP_ROUTES_CACHE_EXP';
-    const UB_USER_AGENT            = 'Unbounce WP Plugin 1.1.0';
-    const UB_VERSION               = '1.1.0';
+    const UB_USER_AGENT            = 'Unbounce WP Plugin 1.1.1';
+    const UB_VERSION               = '1.1.1';
 
     // WP Admin Pages
@@ -15 +17 @@
 
     // Option keys
+    const UB_DYNAMIC_CONFIG_CACHE_KEY   = 'ub-dynamic-config-cache';
     const UB_ROUTES_CACHE_KEY        = 'ub-route-cache';
     const UB_PAGE_SERVER_DOMAIN_KEY  = 'ub-page-server-domain';
+    const UB_DYNAMIC_CONFIG_DOMAIN_KEY = 'ub-dynamic-config-domain';
     const UB_API_URL_KEY             = 'ub-api-url';
     const UB_API_CLIENT_ID_KEY       = 'ub-api-client-id';
@@ -23 +27 @@
     const UB_USER_ID_KEY             = 'ub-user-id';
     const UB_DOMAIN_ID_KEY           = 'ub-domain-id';
+    const UB_DOMAIN_UUID_KEY         = 'ub-domain-uuid';
     const UB_CLIENT_ID_KEY           = 'ub-client-id';
     const UB_PROXY_ERROR_MESSAGE_KEY = 'ub-proxy-error-message';
@@ -33 +38 @@
     const UB_RESPONSE_HEADERS_FORWARDED_KEY = 'ub-response-headers-forwarded';
 
+    const UB_DEFAULT_REQUEST_HEADER_ALLOW = '/^(?:Accept|Content-Type|Referer|User-Agent|If-None-Match|Host|X-Forwarded-.+|X-Proxied-For|X-Ub-Wordpress-.+|Cookie|Accept-Language|Origin|Access-Control-Request-Headers|Access-Control-Request-Method)$/i';
+    const UB_DEFAULT_REQUEST_HEADER_ADD = array();
+    const UB_DEFAULT_REQUEST_COOKIE_ALLOW = array('ubvs', 'ubpv', 'ubvt', 'hubspotutk');
+    const UB_DEFAULT_RESPONSE_HEADER_ALLOW = array(
+        'content-length',
+        'content-location',
+        'content-type',
+        'location',
+        'link',
+        'set-cookie',
+        'cf-ray',
+        'cf-cache-status',
+        'access-control-allow-origin',
+        'access-control-allow-credentials',
+        'access-control-allow-headers',
+        'access-control-max-age'
+    );
+
     public static function ub_option_defaults()
     {
@@ -38 +61 @@
         // Arrays are not allowed in class constants, so use a function
         return array(
+            UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY => array(
+                'request_header_allow' => UBConfig::UB_DEFAULT_REQUEST_HEADER_ALLOW,
+                'request_header_add' => UBConfig::UB_DEFAULT_REQUEST_HEADER_ADD,
+                'request_cookie_allow' => UBConfig::UB_DEFAULT_REQUEST_COOKIE_ALLOW,
+                'response_header_allow' => UBConfig::UB_DEFAULT_RESPONSE_HEADER_ALLOW
+            ),
             UBConfig::UB_ROUTES_CACHE_KEY => array(),
             UBConfig::UB_PAGE_SERVER_DOMAIN_KEY => UBConfig::default_page_server_domain(),
+            UBConfig::UB_DYNAMIC_CONFIG_DOMAIN_KEY => UBConfig::default_dynamic_config_retrieval_domain(),
             UBConfig::UB_API_URL_KEY => UBConfig::default_api_url(),
             UBConfig::UB_API_CLIENT_ID_KEY => UBConfig::default_api_client_id(),
@@ -46 +76 @@
             UBConfig::UB_USER_ID_KEY => '',
             UBConfig::UB_DOMAIN_ID_KEY => '',
+            UBConfig::UB_DOMAIN_UUID_KEY => '',
             UBConfig::UB_CLIENT_ID_KEY => '',
             UBConfig::UB_PROXY_ERROR_MESSAGE_KEY => '',
@@ -76 +107 @@
     }
 
+    public static function default_dynamic_config_retrieval_domain()
+    {
+        $domain = getenv('UB_DYNAMIC_CONFIG_DOMAIN');
+        return $domain ? $domain : 'wp-config.unbouncepages.com';
+    }
+
     public static function default_api_url()
     {
@@ -96 +133 @@
     public static function page_server_domain()
     {
-        return get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        $domain = get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+
+        return UBConfig::add_domain_uuid_subdomain($domain);
+    }
+
+    public static function dynamic_config_retrieval_domain()
+    {
+        $domain = get_option(UBConfig::UB_DYNAMIC_CONFIG_DOMAIN_KEY, UBConfig::default_dynamic_config_retrieval_domain());
+
+        return UBConfig::add_domain_uuid_subdomain($domain);
+    }
+
+    private static function add_domain_uuid_subdomain($domain)
+    {
+        $subdomain = get_option(UBConfig::UB_DOMAIN_UUID_KEY);
+    
+        if ($subdomain) {
+            $domain = $subdomain . '.' . $domain;
+        }
+    
+        return $domain;
     }
 
@@ -131 +188 @@
     public static function create_none_response()
     {
-        return array(array('status' => 'NONE'), null, null, null);
+        return array(array('status' => 'NONE'));
     }
 
     public static function create_same_response($etag, $max_age)
     {
-        return array(array('status' => 'SAME'), $etag, $max_age, null);
-    }
-
-    public static function create_new_response($etag, $max_age, $proxyable_url_set)
+        return array(array('status' => 'SAME'), $etag, $max_age);
+    }
+
+    public static function create_new_response_proxyable_url_set($etag, $max_age, $proxyable_url_set)
     {
         return array(array('status' => 'NEW'), $etag, $max_age, $proxyable_url_set);
     }
 
+    public static function create_new_response_dynamic_config($etag, $max_age, $request_header_allow, $request_header_add, $request_cookie_allow, $response_header_allow)
+    {
+        return array(array('status' => 'NEW'), $etag, $max_age, $request_header_allow, $request_header_add, $request_cookie_allow, $response_header_allow);
+    }
+
     public static function create_failure_response($failure_message)
     {
         return array(array('status' => 'FAILURE',
-                       'failure_message' => $failure_message),
-                 null, null, null);
+                       'failure_message' => $failure_message));
     }
 
@@ -187 +248 @@
         try {
             $url = 'https://' . $ps_domain . '/sitemap.xml';
-            $curl = curl_init();
-            $curl_options = array(
-                CURLOPT_URL => $url,
-                CURLOPT_CUSTOMREQUEST => "GET",
-                CURLOPT_HEADER => true,
-                CURLOPT_USERAGENT => UBConfig::UB_USER_AGENT,
-                CURLOPT_HTTPHEADER => UBHTTP::convert_headers_to_curl(
-                    array(
-                        'x-forwarded-host' => $domain,
-                        'if-none-match' => $etag
-                    )
-                ),
-                CURLOPT_RETURNTRANSFER => true,
-                CURLOPT_FOLLOWLOCATION => false,
-                CURLOPT_TIMEOUT => 5
-            );
-
+            
             UBLogger::debug("Retrieving routes from '$url', etag: '$etag', host: '$domain'");
 
-            curl_setopt_array($curl, $curl_options);
-            $data = curl_exec($curl);
-            $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-            $header_size = strlen($data) - curl_getinfo($curl, CURLINFO_SIZE_DOWNLOAD);
-            $curl_error = null;
-            $etag = null;
-            $max_age = null;
-
-            // when having an CURL error, http_code is 0
-            if ($http_code == 0) {
-                  $curl_error = curl_error($curl);
-            }
-
-            curl_close($curl);
-
-            $headers = substr($data, 0, $header_size);
-
-            $matches = array();
-            $does_match = preg_match('/ETag: (\S+)/is', $headers, $matches);
-            if ($does_match) {
-                  $etag = $matches[1];
-            }
-
-            $matches = array();
-            $does_match = preg_match('/Cache-Control: max-age=(\S+)/is', $headers, $matches);
-            if ($does_match) {
-                  $max_age = $matches[1];
-            }
+            list($data, $http_code, $header_size, $curl_error) = UBConfig::make_curl_request($url, $domain, $etag);
+            list($etag, $max_age) = UBConfig::process_headers($data, $header_size);
 
             if ($http_code == 200) {
@@ -241 +260 @@
                 if ($success) {
                     UBLogger::debug("Retrieved new routes, HTTP code: '$http_code'");
-                    return UBConfig::create_new_response($etag, $max_age, $result);
+                    return UBConfig::create_new_response_proxyable_url_set($etag, $max_age, $result);
                 } else {
                     $errors = join(', ', $result);
@@ -249 +268 @@
                 }
             }
-            if ($http_code == 304) {
-                  UBLogger::debug("Routes have not changed, HTTP code: '$http_code'");
-                  return UBConfig::create_same_response($etag, $max_age);
-            }
-            if ($http_code == 404) {
-                  UBLogger::debug("No routes to retrieve, HTTP code: '$http_code'");
-                  return UBConfig::create_none_response();
-            } else {
-                  $failure_message = "An error occurred while retrieving routes;
-                    HTTP code: '$http_code';
-                    Error: " . $curl_error;
-                  UBLogger::warning($failure_message);
-                  return UBConfig::create_failure_response($failure_message);
-            }
+
+            return UBConfig::handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, 'routes');
         } catch (Exception $e) {
             $failure_message = "An error occurred while retrieving routes; Error: " . $e;
@@ -323 +330 @@
         $cache_max_time_default = 10;
 
-        $ps_domain = get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        $ps_domain = UBConfig::page_server_domain();
+                     
         $domains_info = get_option(UBConfig::UB_ROUTES_CACHE_KEY, array());
 
@@ -396 +404 @@
     }
 
+    // We are using a fetched dynamic config to retrieve information
+    // such that we decide what request headers to allow and add,
+    // as well as what response headers and request cookies to allow.
+    public static function read_unbounce_dynamic_config($domain)
+    {
+        // Check if curl is installed to prevent fatal error
+        if (!UBDiagnostics::is_curl_installed()) {
+            return array();
+        }
+
+        $cache_max_time_default = UBConfig::DYNAMIC_CONFIG_DEFAULT_TIMEOUT;
+        $dynamic_config = get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array());
+
+        if (!is_array($dynamic_config)) {
+            $dynamic_config = array();
+        }
+
+        $dynamic_config_fetched_at = UBUtil::array_fetch($dynamic_config, 'fetched_at');
+        $dynamic_config_cache_timeout = UBUtil::array_fetch($dynamic_config, 'cache_timeout');
+        $dynamic_config_etag = UBUtil::array_fetch($dynamic_config, 'etag');
+
+        $cache_max_time = is_null($dynamic_config_cache_timeout) ? $cache_max_time_default : $dynamic_config_cache_timeout;
+
+        // regardless of dynamic_config_cache_timeout being set, if the last fetch failed or returned a 404, we want to try again in 20 minutes
+        if ($dynamic_config['last_status'] === 'FAILURE' || $dynamic_config['last_status'] === 'NONE') {
+            $cache_max_time = UBConfig::DYNAMIC_CONFIG_FAILURE_TIMEOUT;
+        }
+
+        $current_time = time();
+
+        if (is_null($dynamic_config_fetched_at) ||
+            ($current_time - $dynamic_config_fetched_at > $cache_max_time)) {
+            try {
+                $can_fetch = UBUtil::get_lock();
+                UBLogger::debug('Locking: ' . $can_fetch);
+
+                if ($can_fetch) {
+                    $result_array = UBConfig::fetch_dynamic_config($domain, $dynamic_config_etag);
+                    list($routes_status, $etag, $max_age, $request_header_allow_new, $request_header_add_new, $request_cookie_allow_new, $response_header_allow_new) = $result_array;
+
+                    if ($routes_status['status'] === 'NEW') {
+                        $dynamic_config['request_header_allow'] = $request_header_allow_new;
+                        $dynamic_config['request_header_add'] = $request_header_add_new;
+                        $dynamic_config['request_cookie_allow'] = $request_cookie_allow_new;
+                        $dynamic_config['response_header_allow'] = $response_header_allow_new;
+                        $dynamic_config['etag'] = $etag;
+                        $dynamic_config['cache_timeout'] = $max_age;
+                    } elseif ($routes_status['status'] === 'SAME') {
+                        // Just extend the cache
+                        $dynamic_config['cache_timeout'] = $max_age;
+                    } elseif ($routes_status['status'] === 'FAILURE' || $routes_status['status'] === 'NONE') {
+                        UBLogger::warning('Not updating the dynamic config: Fetching failed or 404 was returned');
+                    } else {
+                        UBLogger::warning("Unknown response from dynamic config fetcher: '$routes_status'");
+                    }
+
+                    $dynamic_config['fetched_at'] = $current_time;
+                    $dynamic_config['last_status'] = $routes_status['status'];
+
+                    if ($routes_status['status'] === 'FAILURE') {
+                        $dynamic_config['failure_message'] = $routes_status['failure_message'];
+                    }
+
+                    update_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, $dynamic_config, false);
+                }
+            } catch (Exception $e) {
+                UBLogger::warning('Could not update dynamic config: ' . $e);
+                $dynamic_config['last_status'] = 'FAILURE';
+                $dynamic_config['failure_message'] = $e->getMessage();
+                update_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, $dynamic_config, false);
+            }
+
+            $release_result = UBUtil::release_lock();
+            UBLogger::debug('Unlocking: ' . $release_result);
+        }
+        
+        return UBUtil::array_select_by_key(
+            $dynamic_config,
+            array('request_header_allow', 'request_header_add', 'request_cookie_allow', 'response_header_allow')
+        );
+    }
+
+    private static function make_curl_request($url, $domain, $etag)
+    {
+        $curl = curl_init();
+        $curl_options = array(
+            CURLOPT_URL => $url,
+            CURLOPT_CUSTOMREQUEST => "GET",
+            CURLOPT_HEADER => true,
+            CURLOPT_USERAGENT => UBConfig::UB_USER_AGENT,
+            CURLOPT_HTTPHEADER => UBHTTP::convert_headers_to_curl(
+                array(
+                    'x-forwarded-host' => $domain,
+                    'if-none-match' => $etag
+                )
+            ),
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_FOLLOWLOCATION => false,
+            CURLOPT_TIMEOUT => 5
+        );
+        curl_setopt_array($curl, $curl_options);
+        
+        $data = curl_exec($curl);
+        $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+        $header_size = strlen($data) - curl_getinfo($curl, CURLINFO_SIZE_DOWNLOAD);
+        $curl_error = $http_code == 0 ? curl_error($curl) : null;
+        
+        curl_close($curl);
+        
+        return array($data, $http_code, $header_size, $curl_error);
+    }
+
+    private static function process_headers($data, $header_size)
+    {
+        $headers = substr($data, 0, $header_size);
+        $etag = null;
+        $max_age = null;
+    
+        $matches = array();
+        $does_match = preg_match('/ETag: (\S+)/is', $headers, $matches);
+        if ($does_match) {
+            $etag = $matches[1];
+        }
+    
+        $matches = array();
+        $does_match = preg_match('/Cache-Control: max-age=(\S+)/is', $headers, $matches);
+        if ($does_match) {
+            $max_age = $matches[1];
+        }
+
+        // Make sure Cache-Control header is numeric to avoid errors later on when it is used for comparison
+        if (is_numeric($max_age)) {
+            $max_age = (int) $max_age;
+        } else {
+            $max_age = null;
+        }
+        
+        return array($etag, $max_age);
+    }
+    
+    
+
+    public static function fetch_dynamic_config($domain, $etag)
+    {
+        if (!$domain) {
+            $failure_message = 'Domain not provided, not fetching dynamic config';
+            UBLogger::warning($failure_message);
+            return UBConfig::create_failure_response($failure_message);
+        }
+        
+        try {
+            $url = 'https://' . UBConfig::dynamic_config_retrieval_domain() . '/v' . UBConfig::UB_VERSION;
+            UBLogger::debug("Retrieving dynamic config from '$url', etag: '$etag', host: '$domain'");
+
+            list($data, $http_code, $header_size, $curl_error) = UBConfig::make_curl_request($url, $domain, $etag);
+            list($etag, $max_age) = UBConfig::process_headers($data, $header_size);
+
+            if ($http_code == 200) {
+                $body = substr($data, $header_size);
+                $decoded_body = json_decode($body, true);
+
+                if (json_last_error() == JSON_ERROR_NONE) {
+                    UBLogger::debug("Retrieved new dynamic config, HTTP code: '$http_code'");
+                    return UBConfig::create_new_response_dynamic_config($etag, $max_age, $decoded_body['request_header_allow'], $decoded_body['request_header_add'], $decoded_body['request_cookie_allow'], $decoded_body['response_header_allow']);
+                } else {
+                    $failure_message = "An error occurred while processing dynamic config, JSON errors: " . json_last_error_msg();
+                    UBLogger::warning($failure_message);
+                    return UBConfig::create_failure_response($failure_message);
+                }
+            }
+
+            return UBConfig::handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, 'dynamic config');
+        } catch (Exception $e) {
+            $failure_message = "An error occurred while retrieving dynamic config; Error: " . $e->getMessage();
+            UBLogger::warning($failure_message);
+            return UBConfig::create_failure_response($failure_message);
+        }
+    }
+
+    public static function handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, $context)
+    {
+        if ($http_code == 304) {
+            UBLogger::debug("$context have not changed, HTTP code: '$http_code'");
+            return UBConfig::create_same_response($etag, $max_age);
+        }
+
+        if ($http_code == 404) {
+            UBLogger::debug("No $context to retrieve, HTTP code: '$http_code'");
+            return UBConfig::create_none_response();
+        }
+
+        $failure_message = "An error occurred while retrieving $context;HTTP code: '$http_code';
+        Error: " . $curl_error;
+        UBLogger::warning($failure_message);
+        return UBConfig::create_failure_response($failure_message);
+    }
+    
     public static function is_authorized_domain($domain0)
     {
@@ -407 +612 @@
         update_option(UBConfig::UB_USER_ID_KEY, $data['user_id']);
         update_option(UBConfig::UB_DOMAIN_ID_KEY, $data['domain_id']);
+        update_option(UBConfig::UB_DOMAIN_UUID_KEY, $data['domain_uuid']);
         update_option(UBConfig::UB_CLIENT_ID_KEY, $data['client_id']);
         update_option(UBConfig::UB_AUTHORIZED_DOMAINS_KEY, $domains);

unbounce/tags/1.1.1/UBDiagnostics.php

@@ -13 +13 @@
     public static function domain_checks($domain, $domain_info)
     {
-        return array(
-            'Domain is Authorized'        => UBConfig::is_authorized_domain($domain),
-            'Can Fetch Page Listing'      => UBDiagnostics::last_status_success($domain_info),
-        );
+        $dynamic_config = get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array());
+        $uuid = get_option(UBConfig::UB_DOMAIN_UUID_KEY, '');
+
+        $result = array(
+            'Domain is Authorized'    => UBConfig::is_authorized_domain($domain),
+            'Can Fetch Page Listing'  => UBDiagnostics::last_status_success($domain_info)
+        );
+
+        if (UBConfig::has_authorized()) {
+            $result['Domain UUID'] = $uuid !== '';
+        }
+
+        if (isset($dynamic_config['last_status'])) {
+            $result['Dynamic Config Retrieval'] = $dynamic_config['last_status'] !== 'FAILURE';
+        }
+
+        return $result;
     }
 
@@ -101 +114 @@
         'PHP Version'             => phpversion(),
         'WordPress Version'       => UBDiagnostics::wordpress_version(),
-        'Unbounce Plugin Version' => '1.1.0',
+        'Unbounce Plugin Version' => '1.1.1',
         'Checks'                  => self::pp(UBDiagnostics::checks($domain, $domain_info)),
         'Options'                 => self::pp(UBDiagnostics::ub_options()),
@@ -179 +192 @@
             'php'                 => phpversion(),
             'wordpress'           => UBDiagnostics::wordpress_version(),
-            'plugin_version'      => '1.1.0',
+            'plugin_version'      => '1.1.1',
             'curl_installed'      => self::is_curl_installed(),
             'xml_installed'       => self::is_xml_installed(),

unbounce/tags/1.1.1/UBHTTP.php

@@ -7 +7 @@
     public static $variant_url_regex = '/(.+)\/[a-z]+\.html/i';
     public static $pie_htc_url = '/PIE.htc';
-    public static $request_header_blocklist = '/^(?:Accept-Encoding|Host|Forwarded)$/i';
     public static $location_header_regex = '/^(?:Location):/i';
-    public static $cookie_allowlist = array('ubvs', 'ubpv', 'ubvt', 'hubspotutk');
-    public static $response_headers_always_forwarded = array(
-        'content-length',
-        'content-location',
-        'content-type',
-        'location',
-        'link',
-        'set-cookie',
-        'cf-ray',
-        'cf-cache-status'
-    );
 
     public static function is_public_ip_address($ip_address)
@@ -126 +114 @@
     }
 
-    public static function stream_headers_function()
-    {
-        $header_filter = UBHTTP::create_curl_response_header_filter();
+    public static function stream_headers_function($dynamic_config)
+    {
+        $header_filter = UBHTTP::create_curl_response_header_filter($dynamic_config);
 
         return function ($curl, $header_line) use ($header_filter) {
@@ -242 +230 @@
         // Always add this header to responses to show it comes from our plugin.
         header("X-Unbounce-Plugin: 1", false);
+        $dynamic_config = UBConfig::read_unbounce_dynamic_config($domain);
+
         if (UBConfig::use_curl()) {
             return UBHTTP::stream_request_curl(
@@ -249 +239 @@
                 $current_headers,
                 $current_protocol,
-                $domain
+                $domain,
+                $dynamic_config
             );
         } else {
@@ -258 +249 @@
                 $current_headers,
                 $current_protocol,
-                $domain
+                $domain,
+                $dynamic_config
             );
         }
@@ -269 +261 @@
         $current_headers,
         $current_protocol,
-        $domain
+        $domain,
+        $dynamic_config
     ) {
         $args = array(
@@ -277 +270 @@
             'timeout' => 30,
             'headers' => array_merge(
-                UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain),
+                UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config),
                 array(
                     'x-ub-wordpress-remote-request' => '1',
@@ -297 +290 @@
             http_response_code($resp['response']['code']);
             $response_headers = $resp['headers'];
-            UBHTTP::set_response_headers($response_headers);
+            UBHTTP::set_response_headers($response_headers, $dynamic_config);
             echo $resp['body'];
             return array(true, null);
@@ -303 +296 @@
     }
 
-    public static function prepare_request_headers($current_headers, $current_protocol, $domain)
-    {
-        $target_headers = array();
-        array_walk($current_headers, function ($v, $k) use (&$target_headers) {
-            if (!preg_match(UBHTTP::$request_header_blocklist, $k)) {
-                $target_headers[$k] = $v;
-            }
-        });
+    public static function prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config)
+    {
+        
+        $request_header_allow = UBUtil::array_fetch($dynamic_config, 'request_header_allow', UBConfig::UB_DEFAULT_REQUEST_HEADER_ALLOW);
+        $request_header_add = UBUtil::array_fetch($dynamic_config, 'request_header_add', UBConfig::UB_DEFAULT_REQUEST_HEADER_ADD);
+        $request_cookie_allow = UBUtil::array_fetch($dynamic_config, 'request_cookie_allow', UBConfig::UB_DEFAULT_REQUEST_COOKIE_ALLOW);
 
         $current_forwarded_for = UBUtil::array_fetch($current_headers, 'x-forwarded-for');
@@ -316 +307 @@
         $current_remote_ip = UBUtil::array_fetch($_SERVER, 'REMOTE_ADDR');
 
-        return array_merge(
-            UBHTTP::sanitize_cookies($target_headers),
+        // remove current host header as we will be setting it to the target domain
+        unset($current_headers['host']);
+    
+        $merged_headers = array_merge(
+            UBHTTP::sanitize_cookies($current_headers, $request_cookie_allow),
             UBHTTP::get_forwarded_headers(
                 $domain,
@@ -327 +321 @@
             UBHTTP::get_common_headers()
         );
+        
+        $target_headers = array();
+        array_walk($merged_headers, function ($v, $k) use (&$target_headers, $request_header_allow) {
+            if (preg_match($request_header_allow, $k)) {
+                $target_headers[$k] = $v;
+            }
+        });
+
+        foreach ($request_header_add as $key => $value) {
+            $target_headers[$key] = $value;
+        }
+        return $target_headers;
     }
 
@@ -333 +339 @@
         $headers = array(
             'host' => UBConfig::page_server_domain(),
-            'x-ub-wordpress-plugin-version' => '1.1.0'
+            'x-ub-wordpress-plugin-version' => '1.1.1'
         );
 
@@ -364 +370 @@
     }
 
-    public static function sanitize_cookies($headers)
+    public static function sanitize_cookies($headers, $request_cookie_allow)
     {
         $cookie_key = "Cookie";
@@ -376 +382 @@
         $cookies_to_forward = UBUtil::array_select_by_key(
             UBHTTP::cookie_array_from_string($headers[$cookie_key]),
-            UBHTTP::$cookie_allowlist
-        );
-        if (sizeof($cookies_to_forward) > 0) {
-            $headers[$cookie_key] = UBHTTP::cookie_string_from_array($cookies_to_forward);
-        }
+            $request_cookie_allow
+        );
+
+        $headers[$cookie_key] = UBHTTP::cookie_string_from_array($cookies_to_forward);
         return $headers;
     }
@@ -395 +400 @@
     }
 
-    public static function set_response_headers($headers)
-    {
-        $header_filter = UBHTTP::create_response_header_filter();
+    public static function set_response_headers($headers, $dynamic_config)
+    {
+        $header_filter = UBHTTP::create_response_header_filter($dynamic_config);
 
         foreach ($headers as $h_key => $h_value) {
@@ -418 +423 @@
         $current_headers,
         $current_protocol,
-        $domain
+        $domain,
+        $dynamic_config
     ) {
         $base_response_headers = headers_list();
 
-        $target_headers = UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain);
+        $target_headers = UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config);
         $target_headers = UBHTTP::convert_headers_to_curl($target_headers);
 
@@ -429 +435 @@
         UBLogger::debug_var('target_headers', print_r($target_headers, true));
 
-        $stream_headers = UBHTTP::stream_headers_function();
+        $stream_headers = UBHTTP::stream_headers_function($dynamic_config);
         $stream_body = UBHTTP::stream_response_function();
         $curl = curl_init();
@@ -574 +580 @@
     }
 
-    private static function create_curl_response_header_filter()
+    private static function create_curl_response_header_filter($dynamic_config)
     {
         $blocklist_regex = '/^connection:/i';
@@ -585 +591 @@
         }
 
-        $allowlist = array_merge($config_headers_forwarded, UBHTTP::$response_headers_always_forwarded);
+        $allowlist = array_merge($config_headers_forwarded, UBUtil::array_fetch($dynamic_config, 'response_header_allow', array()));
         $allowlist_regex = '/^('.implode('|', $allowlist).'):/i';
         return function ($header) use ($blocklist_regex, $allowlist_regex) {
@@ -592 +598 @@
     }
 
-    private static function create_response_header_filter()
+    private static function create_response_header_filter($dynamic_config)
     {
         $config_headers_forwarded = UBConfig::response_headers_forwarded();
@@ -602 +608 @@
         }
 
-        $allowlist = array_merge($config_headers_forwarded, UBHTTP::$response_headers_always_forwarded);
+        $allowlist = array_merge($config_headers_forwarded, UBUtil::array_fetch($dynamic_config, 'response_header_allow', array()));
 
         return function ($header) use ($allowlist) {

unbounce/tags/1.1.1/Unbounce-Page.php

@@ -4 +4 @@
 Plugin URI: http://unbounce.com
 Description: Unbounce is the most powerful standalone landing page builder available.
-Version: 1.1.0
+Version: 1.1.1
 Author: Unbounce
 Author URI: http://unbounce.com
@@ -148 +148 @@
 add_action('admin_init', function () {
     $current_version = UBConfig::UB_VERSION;
-
-    if (get_option(UBConfig::UB_PLUGIN_VERSION_KEY) != $current_version) {
+    $saved_version = get_option(UBConfig::UB_PLUGIN_VERSION_KEY);
+
+    if ($saved_version != $current_version) {
         UBConfig::set_options_if_not_exist();
         update_option(UBConfig::UB_PLUGIN_VERSION_KEY, $current_version);
 
-        // When upgrading to 1.1.0, override all previous ub-page-server-domain values to new default
-        // TODO: Remove this in subsequent plugin versions
-        update_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        // When upgrading to 1.1.x from a 1.0.x version, override all previous ub-page-server-domain values to new default
+        if (version_compare($saved_version, '1.1.0', '<')) {
+            update_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        }
     }
 
@@ -175 +177 @@
         'set-unbounce-domains-js',
         plugins_url('js/set-unbounce-domains.js', __FILE__),
-        array('jquery', 'ub-rx')
+        array('jquery', 'ub-rx'),
+        "1.1.1"
     );
     wp_enqueue_script(
@@ -319 +322 @@
         'client_id' => UBUtil::array_fetch($_POST, 'client_id', ''),
         'domain_id' => UBUtil::array_fetch($_POST, 'domain_id', ''),
+        'domain_uuid' => UBUtil::array_fetch($_POST, 'domain_uuid', ''),
         );
 

unbounce/tags/1.1.1/js/set-unbounce-domains.js

@@ -23 +23 @@
               clientId: subAccount.id,
               domainId: domain.id,
-              name: domain.name
+              name: domain.name,
+              domainUUID: domain.uuid
             };
           } else {
@@ -55 +56 @@
         $form.find('[name="domain_id"]').val(wordpressDomain.domainId);
         $form.find('[name="client_id"]').val(wordpressDomain.clientId);
+        $form.find('[name="domain_uuid"]').val(wordpressDomain.domainUUID);
       }
 

unbounce/tags/1.1.1/readme.txt

@@ -3 +3 @@
 Tags: Unbounce, AB testing, A/B testing, split testing, CRO, conversion optimization, wordpress landing page, wp landing pages, splash pages, landing pages, squeeze pages, lead gen, lead generation, email list, responsive landing pages, templates, inbound marketing, ppc, analytics
 Requires at least: 4.1.5
-Tested up to: 6.3
-Stable tag: 1.1.0
+Tested up to: 6.4
+Stable tag: 1.1.1
 Requires PHP: 7.2
 License: GPLv2 or later
@@ -104 +104 @@
 == Changelog ==
 
+= 1.1.1 =
+* Changes to the way the plugin filters headers and cookies using a dynamic configuration.
+* Tested with WP 6.4
+
 = 1.1.0 =
 * Changes the method used to communicate with Unbounce servers, which will improve the resilience of

unbounce/tags/1.1.1/templates/authorize_button.php

@@ -3 +3 @@
   <input type="hidden" name="user_id" />
   <input type="hidden" name="domain_id" />
+  <input type="hidden" name="domain_uuid" />
   <input type="hidden" name="client_id" />
     <?php if (isset($outer_text)) { ?>

unbounce/tags/1.1.1/templates/diagnostics.php

@@ -37 +37 @@
 $sni_support = 'The Unbounce Plugin communicates with the Unbounce servers using a TLS 1.2 connection, this requires SNI support in order to function. Our diagnostics indicate that your server does not currently have SNI support.';
 
+$dynamic_config_retrieval = 'The Unbounce Plugin is unable to retrieve the dynamic configuration from Unbounce. This is required in order to make sure we are able to serve your Unbounce pages the correct way and prevent any errors. Please contact support if you continue to see this error for more than a few days.';
+
+$domain_uuid = 'Plugin requests are not sent to Unbounce servers with the uuid added as a subdomain, which compromises security. Please update wordpress enabled domains on the pages section.';
+
 $diagnostic_descriptions = array(
     'Curl Support' => $curl_support,
@@ -45 +49 @@
     'Supported PHP Version' => $supported_php_version,
     'Supported Wordpress Version' => $supported_wordpress_version,
-    'SNI Support' => $sni_support
+    'SNI Support' => $sni_support,
+    'Dynamic Config Retrieval' => $dynamic_config_retrieval,
+    "Domain UUID" => $domain_uuid,
 );
 

unbounce/tags/1.1.1/templates/main_authorized_footer.php

@@ -22 +22 @@
   Click here for troubleshooting and plugin diagnostics
 </a>
-<p class="ub-version">Unbounce Version 1.1.0</p>
+<p class="ub-version">Unbounce Version 1.1.1</p>

unbounce/tags/1.1.1/templates/main_unauthorized_footer.php

@@ -5 +5 @@
   Click here for troubleshooting and plugin diagnostics
 </a>
-<p class="ub-version">Unbounce Version 1.1.0</p>
+<p class="ub-version">Unbounce Version 1.1.1</p>

unbounce/tags/1.1.1/templates/settings_response_headers_forwarded.php

@@ -11 +11 @@
     $headers = array_map(function ($header) {
         return '<code>'.$header.'</code>';
-    }, UBHTTP::$response_headers_always_forwarded);
+    }, get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array())['response_header_allow']);
     echo implode(',', array_slice($headers, 0, -1)).' and '.end($headers);
     ?>

unbounce/trunk/UBConfig.php

@@ -3 +3 @@
 class UBConfig
 {
+    const DYNAMIC_CONFIG_DEFAULT_TIMEOUT = 86400;
+    const DYNAMIC_CONFIG_FAILURE_TIMEOUT = 1200;
 
     const UB_PLUGIN_NAME           = 'ub-wordpress';
     const UB_CACHE_TIMEOUT_ENV_KEY = 'UB_WP_ROUTES_CACHE_EXP';
-    const UB_USER_AGENT            = 'Unbounce WP Plugin 1.1.0';
-    const UB_VERSION               = '1.1.0';
+    const UB_USER_AGENT            = 'Unbounce WP Plugin 1.1.1';
+    const UB_VERSION               = '1.1.1';
 
     // WP Admin Pages
@@ -15 +17 @@
 
     // Option keys
+    const UB_DYNAMIC_CONFIG_CACHE_KEY   = 'ub-dynamic-config-cache';
     const UB_ROUTES_CACHE_KEY        = 'ub-route-cache';
     const UB_PAGE_SERVER_DOMAIN_KEY  = 'ub-page-server-domain';
+    const UB_DYNAMIC_CONFIG_DOMAIN_KEY = 'ub-dynamic-config-domain';
     const UB_API_URL_KEY             = 'ub-api-url';
     const UB_API_CLIENT_ID_KEY       = 'ub-api-client-id';
@@ -23 +27 @@
     const UB_USER_ID_KEY             = 'ub-user-id';
     const UB_DOMAIN_ID_KEY           = 'ub-domain-id';
+    const UB_DOMAIN_UUID_KEY         = 'ub-domain-uuid';
     const UB_CLIENT_ID_KEY           = 'ub-client-id';
     const UB_PROXY_ERROR_MESSAGE_KEY = 'ub-proxy-error-message';
@@ -33 +38 @@
     const UB_RESPONSE_HEADERS_FORWARDED_KEY = 'ub-response-headers-forwarded';
 
+    const UB_DEFAULT_REQUEST_HEADER_ALLOW = '/^(?:Accept|Content-Type|Referer|User-Agent|If-None-Match|Host|X-Forwarded-.+|X-Proxied-For|X-Ub-Wordpress-.+|Cookie|Accept-Language|Origin|Access-Control-Request-Headers|Access-Control-Request-Method)$/i';
+    const UB_DEFAULT_REQUEST_HEADER_ADD = array();
+    const UB_DEFAULT_REQUEST_COOKIE_ALLOW = array('ubvs', 'ubpv', 'ubvt', 'hubspotutk');
+    const UB_DEFAULT_RESPONSE_HEADER_ALLOW = array(
+        'content-length',
+        'content-location',
+        'content-type',
+        'location',
+        'link',
+        'set-cookie',
+        'cf-ray',
+        'cf-cache-status',
+        'access-control-allow-origin',
+        'access-control-allow-credentials',
+        'access-control-allow-headers',
+        'access-control-max-age'
+    );
+
     public static function ub_option_defaults()
     {
@@ -38 +61 @@
         // Arrays are not allowed in class constants, so use a function
         return array(
+            UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY => array(
+                'request_header_allow' => UBConfig::UB_DEFAULT_REQUEST_HEADER_ALLOW,
+                'request_header_add' => UBConfig::UB_DEFAULT_REQUEST_HEADER_ADD,
+                'request_cookie_allow' => UBConfig::UB_DEFAULT_REQUEST_COOKIE_ALLOW,
+                'response_header_allow' => UBConfig::UB_DEFAULT_RESPONSE_HEADER_ALLOW
+            ),
             UBConfig::UB_ROUTES_CACHE_KEY => array(),
             UBConfig::UB_PAGE_SERVER_DOMAIN_KEY => UBConfig::default_page_server_domain(),
+            UBConfig::UB_DYNAMIC_CONFIG_DOMAIN_KEY => UBConfig::default_dynamic_config_retrieval_domain(),
             UBConfig::UB_API_URL_KEY => UBConfig::default_api_url(),
             UBConfig::UB_API_CLIENT_ID_KEY => UBConfig::default_api_client_id(),
@@ -46 +76 @@
             UBConfig::UB_USER_ID_KEY => '',
             UBConfig::UB_DOMAIN_ID_KEY => '',
+            UBConfig::UB_DOMAIN_UUID_KEY => '',
             UBConfig::UB_CLIENT_ID_KEY => '',
             UBConfig::UB_PROXY_ERROR_MESSAGE_KEY => '',
@@ -76 +107 @@
     }
 
+    public static function default_dynamic_config_retrieval_domain()
+    {
+        $domain = getenv('UB_DYNAMIC_CONFIG_DOMAIN');
+        return $domain ? $domain : 'wp-config.unbouncepages.com';
+    }
+
     public static function default_api_url()
     {
@@ -96 +133 @@
     public static function page_server_domain()
     {
-        return get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        $domain = get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+
+        return UBConfig::add_domain_uuid_subdomain($domain);
+    }
+
+    public static function dynamic_config_retrieval_domain()
+    {
+        $domain = get_option(UBConfig::UB_DYNAMIC_CONFIG_DOMAIN_KEY, UBConfig::default_dynamic_config_retrieval_domain());
+
+        return UBConfig::add_domain_uuid_subdomain($domain);
+    }
+
+    private static function add_domain_uuid_subdomain($domain)
+    {
+        $subdomain = get_option(UBConfig::UB_DOMAIN_UUID_KEY);
+    
+        if ($subdomain) {
+            $domain = $subdomain . '.' . $domain;
+        }
+    
+        return $domain;
     }
 
@@ -131 +188 @@
     public static function create_none_response()
     {
-        return array(array('status' => 'NONE'), null, null, null);
+        return array(array('status' => 'NONE'));
     }
 
     public static function create_same_response($etag, $max_age)
     {
-        return array(array('status' => 'SAME'), $etag, $max_age, null);
-    }
-
-    public static function create_new_response($etag, $max_age, $proxyable_url_set)
+        return array(array('status' => 'SAME'), $etag, $max_age);
+    }
+
+    public static function create_new_response_proxyable_url_set($etag, $max_age, $proxyable_url_set)
     {
         return array(array('status' => 'NEW'), $etag, $max_age, $proxyable_url_set);
     }
 
+    public static function create_new_response_dynamic_config($etag, $max_age, $request_header_allow, $request_header_add, $request_cookie_allow, $response_header_allow)
+    {
+        return array(array('status' => 'NEW'), $etag, $max_age, $request_header_allow, $request_header_add, $request_cookie_allow, $response_header_allow);
+    }
+
     public static function create_failure_response($failure_message)
     {
         return array(array('status' => 'FAILURE',
-                       'failure_message' => $failure_message),
-                 null, null, null);
+                       'failure_message' => $failure_message));
     }
 
@@ -187 +248 @@
         try {
             $url = 'https://' . $ps_domain . '/sitemap.xml';
-            $curl = curl_init();
-            $curl_options = array(
-                CURLOPT_URL => $url,
-                CURLOPT_CUSTOMREQUEST => "GET",
-                CURLOPT_HEADER => true,
-                CURLOPT_USERAGENT => UBConfig::UB_USER_AGENT,
-                CURLOPT_HTTPHEADER => UBHTTP::convert_headers_to_curl(
-                    array(
-                        'x-forwarded-host' => $domain,
-                        'if-none-match' => $etag
-                    )
-                ),
-                CURLOPT_RETURNTRANSFER => true,
-                CURLOPT_FOLLOWLOCATION => false,
-                CURLOPT_TIMEOUT => 5
-            );
-
+            
             UBLogger::debug("Retrieving routes from '$url', etag: '$etag', host: '$domain'");
 
-            curl_setopt_array($curl, $curl_options);
-            $data = curl_exec($curl);
-            $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-            $header_size = strlen($data) - curl_getinfo($curl, CURLINFO_SIZE_DOWNLOAD);
-            $curl_error = null;
-            $etag = null;
-            $max_age = null;
-
-            // when having an CURL error, http_code is 0
-            if ($http_code == 0) {
-                  $curl_error = curl_error($curl);
-            }
-
-            curl_close($curl);
-
-            $headers = substr($data, 0, $header_size);
-
-            $matches = array();
-            $does_match = preg_match('/ETag: (\S+)/is', $headers, $matches);
-            if ($does_match) {
-                  $etag = $matches[1];
-            }
-
-            $matches = array();
-            $does_match = preg_match('/Cache-Control: max-age=(\S+)/is', $headers, $matches);
-            if ($does_match) {
-                  $max_age = $matches[1];
-            }
+            list($data, $http_code, $header_size, $curl_error) = UBConfig::make_curl_request($url, $domain, $etag);
+            list($etag, $max_age) = UBConfig::process_headers($data, $header_size);
 
             if ($http_code == 200) {
@@ -241 +260 @@
                 if ($success) {
                     UBLogger::debug("Retrieved new routes, HTTP code: '$http_code'");
-                    return UBConfig::create_new_response($etag, $max_age, $result);
+                    return UBConfig::create_new_response_proxyable_url_set($etag, $max_age, $result);
                 } else {
                     $errors = join(', ', $result);
@@ -249 +268 @@
                 }
             }
-            if ($http_code == 304) {
-                  UBLogger::debug("Routes have not changed, HTTP code: '$http_code'");
-                  return UBConfig::create_same_response($etag, $max_age);
-            }
-            if ($http_code == 404) {
-                  UBLogger::debug("No routes to retrieve, HTTP code: '$http_code'");
-                  return UBConfig::create_none_response();
-            } else {
-                  $failure_message = "An error occurred while retrieving routes;
-                    HTTP code: '$http_code';
-                    Error: " . $curl_error;
-                  UBLogger::warning($failure_message);
-                  return UBConfig::create_failure_response($failure_message);
-            }
+
+            return UBConfig::handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, 'routes');
         } catch (Exception $e) {
             $failure_message = "An error occurred while retrieving routes; Error: " . $e;
@@ -323 +330 @@
         $cache_max_time_default = 10;
 
-        $ps_domain = get_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        $ps_domain = UBConfig::page_server_domain();
+                     
         $domains_info = get_option(UBConfig::UB_ROUTES_CACHE_KEY, array());
 
@@ -396 +404 @@
     }
 
+    // We are using a fetched dynamic config to retrieve information
+    // such that we decide what request headers to allow and add,
+    // as well as what response headers and request cookies to allow.
+    public static function read_unbounce_dynamic_config($domain)
+    {
+        // Check if curl is installed to prevent fatal error
+        if (!UBDiagnostics::is_curl_installed()) {
+            return array();
+        }
+
+        $cache_max_time_default = UBConfig::DYNAMIC_CONFIG_DEFAULT_TIMEOUT;
+        $dynamic_config = get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array());
+
+        if (!is_array($dynamic_config)) {
+            $dynamic_config = array();
+        }
+
+        $dynamic_config_fetched_at = UBUtil::array_fetch($dynamic_config, 'fetched_at');
+        $dynamic_config_cache_timeout = UBUtil::array_fetch($dynamic_config, 'cache_timeout');
+        $dynamic_config_etag = UBUtil::array_fetch($dynamic_config, 'etag');
+
+        $cache_max_time = is_null($dynamic_config_cache_timeout) ? $cache_max_time_default : $dynamic_config_cache_timeout;
+
+        // regardless of dynamic_config_cache_timeout being set, if the last fetch failed or returned a 404, we want to try again in 20 minutes
+        if ($dynamic_config['last_status'] === 'FAILURE' || $dynamic_config['last_status'] === 'NONE') {
+            $cache_max_time = UBConfig::DYNAMIC_CONFIG_FAILURE_TIMEOUT;
+        }
+
+        $current_time = time();
+
+        if (is_null($dynamic_config_fetched_at) ||
+            ($current_time - $dynamic_config_fetched_at > $cache_max_time)) {
+            try {
+                $can_fetch = UBUtil::get_lock();
+                UBLogger::debug('Locking: ' . $can_fetch);
+
+                if ($can_fetch) {
+                    $result_array = UBConfig::fetch_dynamic_config($domain, $dynamic_config_etag);
+                    list($routes_status, $etag, $max_age, $request_header_allow_new, $request_header_add_new, $request_cookie_allow_new, $response_header_allow_new) = $result_array;
+
+                    if ($routes_status['status'] === 'NEW') {
+                        $dynamic_config['request_header_allow'] = $request_header_allow_new;
+                        $dynamic_config['request_header_add'] = $request_header_add_new;
+                        $dynamic_config['request_cookie_allow'] = $request_cookie_allow_new;
+                        $dynamic_config['response_header_allow'] = $response_header_allow_new;
+                        $dynamic_config['etag'] = $etag;
+                        $dynamic_config['cache_timeout'] = $max_age;
+                    } elseif ($routes_status['status'] === 'SAME') {
+                        // Just extend the cache
+                        $dynamic_config['cache_timeout'] = $max_age;
+                    } elseif ($routes_status['status'] === 'FAILURE' || $routes_status['status'] === 'NONE') {
+                        UBLogger::warning('Not updating the dynamic config: Fetching failed or 404 was returned');
+                    } else {
+                        UBLogger::warning("Unknown response from dynamic config fetcher: '$routes_status'");
+                    }
+
+                    $dynamic_config['fetched_at'] = $current_time;
+                    $dynamic_config['last_status'] = $routes_status['status'];
+
+                    if ($routes_status['status'] === 'FAILURE') {
+                        $dynamic_config['failure_message'] = $routes_status['failure_message'];
+                    }
+
+                    update_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, $dynamic_config, false);
+                }
+            } catch (Exception $e) {
+                UBLogger::warning('Could not update dynamic config: ' . $e);
+                $dynamic_config['last_status'] = 'FAILURE';
+                $dynamic_config['failure_message'] = $e->getMessage();
+                update_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, $dynamic_config, false);
+            }
+
+            $release_result = UBUtil::release_lock();
+            UBLogger::debug('Unlocking: ' . $release_result);
+        }
+        
+        return UBUtil::array_select_by_key(
+            $dynamic_config,
+            array('request_header_allow', 'request_header_add', 'request_cookie_allow', 'response_header_allow')
+        );
+    }
+
+    private static function make_curl_request($url, $domain, $etag)
+    {
+        $curl = curl_init();
+        $curl_options = array(
+            CURLOPT_URL => $url,
+            CURLOPT_CUSTOMREQUEST => "GET",
+            CURLOPT_HEADER => true,
+            CURLOPT_USERAGENT => UBConfig::UB_USER_AGENT,
+            CURLOPT_HTTPHEADER => UBHTTP::convert_headers_to_curl(
+                array(
+                    'x-forwarded-host' => $domain,
+                    'if-none-match' => $etag
+                )
+            ),
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_FOLLOWLOCATION => false,
+            CURLOPT_TIMEOUT => 5
+        );
+        curl_setopt_array($curl, $curl_options);
+        
+        $data = curl_exec($curl);
+        $http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+        $header_size = strlen($data) - curl_getinfo($curl, CURLINFO_SIZE_DOWNLOAD);
+        $curl_error = $http_code == 0 ? curl_error($curl) : null;
+        
+        curl_close($curl);
+        
+        return array($data, $http_code, $header_size, $curl_error);
+    }
+
+    private static function process_headers($data, $header_size)
+    {
+        $headers = substr($data, 0, $header_size);
+        $etag = null;
+        $max_age = null;
+    
+        $matches = array();
+        $does_match = preg_match('/ETag: (\S+)/is', $headers, $matches);
+        if ($does_match) {
+            $etag = $matches[1];
+        }
+    
+        $matches = array();
+        $does_match = preg_match('/Cache-Control: max-age=(\S+)/is', $headers, $matches);
+        if ($does_match) {
+            $max_age = $matches[1];
+        }
+
+        // Make sure Cache-Control header is numeric to avoid errors later on when it is used for comparison
+        if (is_numeric($max_age)) {
+            $max_age = (int) $max_age;
+        } else {
+            $max_age = null;
+        }
+        
+        return array($etag, $max_age);
+    }
+    
+    
+
+    public static function fetch_dynamic_config($domain, $etag)
+    {
+        if (!$domain) {
+            $failure_message = 'Domain not provided, not fetching dynamic config';
+            UBLogger::warning($failure_message);
+            return UBConfig::create_failure_response($failure_message);
+        }
+        
+        try {
+            $url = 'https://' . UBConfig::dynamic_config_retrieval_domain() . '/v' . UBConfig::UB_VERSION;
+            UBLogger::debug("Retrieving dynamic config from '$url', etag: '$etag', host: '$domain'");
+
+            list($data, $http_code, $header_size, $curl_error) = UBConfig::make_curl_request($url, $domain, $etag);
+            list($etag, $max_age) = UBConfig::process_headers($data, $header_size);
+
+            if ($http_code == 200) {
+                $body = substr($data, $header_size);
+                $decoded_body = json_decode($body, true);
+
+                if (json_last_error() == JSON_ERROR_NONE) {
+                    UBLogger::debug("Retrieved new dynamic config, HTTP code: '$http_code'");
+                    return UBConfig::create_new_response_dynamic_config($etag, $max_age, $decoded_body['request_header_allow'], $decoded_body['request_header_add'], $decoded_body['request_cookie_allow'], $decoded_body['response_header_allow']);
+                } else {
+                    $failure_message = "An error occurred while processing dynamic config, JSON errors: " . json_last_error_msg();
+                    UBLogger::warning($failure_message);
+                    return UBConfig::create_failure_response($failure_message);
+                }
+            }
+
+            return UBConfig::handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, 'dynamic config');
+        } catch (Exception $e) {
+            $failure_message = "An error occurred while retrieving dynamic config; Error: " . $e->getMessage();
+            UBLogger::warning($failure_message);
+            return UBConfig::create_failure_response($failure_message);
+        }
+    }
+
+    public static function handle_non_200_http_response($http_code, $etag, $max_age, $curl_error, $context)
+    {
+        if ($http_code == 304) {
+            UBLogger::debug("$context have not changed, HTTP code: '$http_code'");
+            return UBConfig::create_same_response($etag, $max_age);
+        }
+
+        if ($http_code == 404) {
+            UBLogger::debug("No $context to retrieve, HTTP code: '$http_code'");
+            return UBConfig::create_none_response();
+        }
+
+        $failure_message = "An error occurred while retrieving $context;HTTP code: '$http_code';
+        Error: " . $curl_error;
+        UBLogger::warning($failure_message);
+        return UBConfig::create_failure_response($failure_message);
+    }
+    
     public static function is_authorized_domain($domain0)
     {
@@ -407 +612 @@
         update_option(UBConfig::UB_USER_ID_KEY, $data['user_id']);
         update_option(UBConfig::UB_DOMAIN_ID_KEY, $data['domain_id']);
+        update_option(UBConfig::UB_DOMAIN_UUID_KEY, $data['domain_uuid']);
         update_option(UBConfig::UB_CLIENT_ID_KEY, $data['client_id']);
         update_option(UBConfig::UB_AUTHORIZED_DOMAINS_KEY, $domains);

unbounce/trunk/UBDiagnostics.php

@@ -13 +13 @@
     public static function domain_checks($domain, $domain_info)
     {
-        return array(
-            'Domain is Authorized'        => UBConfig::is_authorized_domain($domain),
-            'Can Fetch Page Listing'      => UBDiagnostics::last_status_success($domain_info),
-        );
+        $dynamic_config = get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array());
+        $uuid = get_option(UBConfig::UB_DOMAIN_UUID_KEY, '');
+
+        $result = array(
+            'Domain is Authorized'    => UBConfig::is_authorized_domain($domain),
+            'Can Fetch Page Listing'  => UBDiagnostics::last_status_success($domain_info)
+        );
+
+        if (UBConfig::has_authorized()) {
+            $result['Domain UUID'] = $uuid !== '';
+        }
+
+        if (isset($dynamic_config['last_status'])) {
+            $result['Dynamic Config Retrieval'] = $dynamic_config['last_status'] !== 'FAILURE';
+        }
+
+        return $result;
     }
 
@@ -101 +114 @@
         'PHP Version'             => phpversion(),
         'WordPress Version'       => UBDiagnostics::wordpress_version(),
-        'Unbounce Plugin Version' => '1.1.0',
+        'Unbounce Plugin Version' => '1.1.1',
         'Checks'                  => self::pp(UBDiagnostics::checks($domain, $domain_info)),
         'Options'                 => self::pp(UBDiagnostics::ub_options()),
@@ -179 +192 @@
             'php'                 => phpversion(),
             'wordpress'           => UBDiagnostics::wordpress_version(),
-            'plugin_version'      => '1.1.0',
+            'plugin_version'      => '1.1.1',
             'curl_installed'      => self::is_curl_installed(),
             'xml_installed'       => self::is_xml_installed(),

unbounce/trunk/UBHTTP.php

@@ -7 +7 @@
     public static $variant_url_regex = '/(.+)\/[a-z]+\.html/i';
     public static $pie_htc_url = '/PIE.htc';
-    public static $request_header_blocklist = '/^(?:Accept-Encoding|Host|Forwarded)$/i';
     public static $location_header_regex = '/^(?:Location):/i';
-    public static $cookie_allowlist = array('ubvs', 'ubpv', 'ubvt', 'hubspotutk');
-    public static $response_headers_always_forwarded = array(
-        'content-length',
-        'content-location',
-        'content-type',
-        'location',
-        'link',
-        'set-cookie',
-        'cf-ray',
-        'cf-cache-status'
-    );
 
     public static function is_public_ip_address($ip_address)
@@ -126 +114 @@
     }
 
-    public static function stream_headers_function()
-    {
-        $header_filter = UBHTTP::create_curl_response_header_filter();
+    public static function stream_headers_function($dynamic_config)
+    {
+        $header_filter = UBHTTP::create_curl_response_header_filter($dynamic_config);
 
         return function ($curl, $header_line) use ($header_filter) {
@@ -242 +230 @@
         // Always add this header to responses to show it comes from our plugin.
         header("X-Unbounce-Plugin: 1", false);
+        $dynamic_config = UBConfig::read_unbounce_dynamic_config($domain);
+
         if (UBConfig::use_curl()) {
             return UBHTTP::stream_request_curl(
@@ -249 +239 @@
                 $current_headers,
                 $current_protocol,
-                $domain
+                $domain,
+                $dynamic_config
             );
         } else {
@@ -258 +249 @@
                 $current_headers,
                 $current_protocol,
-                $domain
+                $domain,
+                $dynamic_config
             );
         }
@@ -269 +261 @@
         $current_headers,
         $current_protocol,
-        $domain
+        $domain,
+        $dynamic_config
     ) {
         $args = array(
@@ -277 +270 @@
             'timeout' => 30,
             'headers' => array_merge(
-                UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain),
+                UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config),
                 array(
                     'x-ub-wordpress-remote-request' => '1',
@@ -297 +290 @@
             http_response_code($resp['response']['code']);
             $response_headers = $resp['headers'];
-            UBHTTP::set_response_headers($response_headers);
+            UBHTTP::set_response_headers($response_headers, $dynamic_config);
             echo $resp['body'];
             return array(true, null);
@@ -303 +296 @@
     }
 
-    public static function prepare_request_headers($current_headers, $current_protocol, $domain)
-    {
-        $target_headers = array();
-        array_walk($current_headers, function ($v, $k) use (&$target_headers) {
-            if (!preg_match(UBHTTP::$request_header_blocklist, $k)) {
-                $target_headers[$k] = $v;
-            }
-        });
+    public static function prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config)
+    {
+        
+        $request_header_allow = UBUtil::array_fetch($dynamic_config, 'request_header_allow', UBConfig::UB_DEFAULT_REQUEST_HEADER_ALLOW);
+        $request_header_add = UBUtil::array_fetch($dynamic_config, 'request_header_add', UBConfig::UB_DEFAULT_REQUEST_HEADER_ADD);
+        $request_cookie_allow = UBUtil::array_fetch($dynamic_config, 'request_cookie_allow', UBConfig::UB_DEFAULT_REQUEST_COOKIE_ALLOW);
 
         $current_forwarded_for = UBUtil::array_fetch($current_headers, 'x-forwarded-for');
@@ -316 +307 @@
         $current_remote_ip = UBUtil::array_fetch($_SERVER, 'REMOTE_ADDR');
 
-        return array_merge(
-            UBHTTP::sanitize_cookies($target_headers),
+        // remove current host header as we will be setting it to the target domain
+        unset($current_headers['host']);
+    
+        $merged_headers = array_merge(
+            UBHTTP::sanitize_cookies($current_headers, $request_cookie_allow),
             UBHTTP::get_forwarded_headers(
                 $domain,
@@ -327 +321 @@
             UBHTTP::get_common_headers()
         );
+        
+        $target_headers = array();
+        array_walk($merged_headers, function ($v, $k) use (&$target_headers, $request_header_allow) {
+            if (preg_match($request_header_allow, $k)) {
+                $target_headers[$k] = $v;
+            }
+        });
+
+        foreach ($request_header_add as $key => $value) {
+            $target_headers[$key] = $value;
+        }
+        return $target_headers;
     }
 
@@ -333 +339 @@
         $headers = array(
             'host' => UBConfig::page_server_domain(),
-            'x-ub-wordpress-plugin-version' => '1.1.0'
+            'x-ub-wordpress-plugin-version' => '1.1.1'
         );
 
@@ -364 +370 @@
     }
 
-    public static function sanitize_cookies($headers)
+    public static function sanitize_cookies($headers, $request_cookie_allow)
     {
         $cookie_key = "Cookie";
@@ -376 +382 @@
         $cookies_to_forward = UBUtil::array_select_by_key(
             UBHTTP::cookie_array_from_string($headers[$cookie_key]),
-            UBHTTP::$cookie_allowlist
-        );
-        if (sizeof($cookies_to_forward) > 0) {
-            $headers[$cookie_key] = UBHTTP::cookie_string_from_array($cookies_to_forward);
-        }
+            $request_cookie_allow
+        );
+
+        $headers[$cookie_key] = UBHTTP::cookie_string_from_array($cookies_to_forward);
         return $headers;
     }
@@ -395 +400 @@
     }
 
-    public static function set_response_headers($headers)
-    {
-        $header_filter = UBHTTP::create_response_header_filter();
+    public static function set_response_headers($headers, $dynamic_config)
+    {
+        $header_filter = UBHTTP::create_response_header_filter($dynamic_config);
 
         foreach ($headers as $h_key => $h_value) {
@@ -418 +423 @@
         $current_headers,
         $current_protocol,
-        $domain
+        $domain,
+        $dynamic_config
     ) {
         $base_response_headers = headers_list();
 
-        $target_headers = UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain);
+        $target_headers = UBHTTP::prepare_request_headers($current_headers, $current_protocol, $domain, $dynamic_config);
         $target_headers = UBHTTP::convert_headers_to_curl($target_headers);
 
@@ -429 +435 @@
         UBLogger::debug_var('target_headers', print_r($target_headers, true));
 
-        $stream_headers = UBHTTP::stream_headers_function();
+        $stream_headers = UBHTTP::stream_headers_function($dynamic_config);
         $stream_body = UBHTTP::stream_response_function();
         $curl = curl_init();
@@ -574 +580 @@
     }
 
-    private static function create_curl_response_header_filter()
+    private static function create_curl_response_header_filter($dynamic_config)
     {
         $blocklist_regex = '/^connection:/i';
@@ -585 +591 @@
         }
 
-        $allowlist = array_merge($config_headers_forwarded, UBHTTP::$response_headers_always_forwarded);
+        $allowlist = array_merge($config_headers_forwarded, UBUtil::array_fetch($dynamic_config, 'response_header_allow', array()));
         $allowlist_regex = '/^('.implode('|', $allowlist).'):/i';
         return function ($header) use ($blocklist_regex, $allowlist_regex) {
@@ -592 +598 @@
     }
 
-    private static function create_response_header_filter()
+    private static function create_response_header_filter($dynamic_config)
     {
         $config_headers_forwarded = UBConfig::response_headers_forwarded();
@@ -602 +608 @@
         }
 
-        $allowlist = array_merge($config_headers_forwarded, UBHTTP::$response_headers_always_forwarded);
+        $allowlist = array_merge($config_headers_forwarded, UBUtil::array_fetch($dynamic_config, 'response_header_allow', array()));
 
         return function ($header) use ($allowlist) {

unbounce/trunk/Unbounce-Page.php

@@ -4 +4 @@
 Plugin URI: http://unbounce.com
 Description: Unbounce is the most powerful standalone landing page builder available.
-Version: 1.1.0
+Version: 1.1.1
 Author: Unbounce
 Author URI: http://unbounce.com
@@ -148 +148 @@
 add_action('admin_init', function () {
     $current_version = UBConfig::UB_VERSION;
-
-    if (get_option(UBConfig::UB_PLUGIN_VERSION_KEY) != $current_version) {
+    $saved_version = get_option(UBConfig::UB_PLUGIN_VERSION_KEY);
+
+    if ($saved_version != $current_version) {
         UBConfig::set_options_if_not_exist();
         update_option(UBConfig::UB_PLUGIN_VERSION_KEY, $current_version);
 
-        // When upgrading to 1.1.0, override all previous ub-page-server-domain values to new default
-        // TODO: Remove this in subsequent plugin versions
-        update_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        // When upgrading to 1.1.x from a 1.0.x version, override all previous ub-page-server-domain values to new default
+        if (version_compare($saved_version, '1.1.0', '<')) {
+            update_option(UBConfig::UB_PAGE_SERVER_DOMAIN_KEY, UBConfig::default_page_server_domain());
+        }
     }
 
@@ -175 +177 @@
         'set-unbounce-domains-js',
         plugins_url('js/set-unbounce-domains.js', __FILE__),
-        array('jquery', 'ub-rx')
+        array('jquery', 'ub-rx'),
+        "1.1.1"
     );
     wp_enqueue_script(
@@ -319 +322 @@
         'client_id' => UBUtil::array_fetch($_POST, 'client_id', ''),
         'domain_id' => UBUtil::array_fetch($_POST, 'domain_id', ''),
+        'domain_uuid' => UBUtil::array_fetch($_POST, 'domain_uuid', ''),
         );
 

unbounce/trunk/js/set-unbounce-domains.js

@@ -23 +23 @@
               clientId: subAccount.id,
               domainId: domain.id,
-              name: domain.name
+              name: domain.name,
+              domainUUID: domain.uuid
             };
           } else {
@@ -55 +56 @@
         $form.find('[name="domain_id"]').val(wordpressDomain.domainId);
         $form.find('[name="client_id"]').val(wordpressDomain.clientId);
+        $form.find('[name="domain_uuid"]').val(wordpressDomain.domainUUID);
       }
 

unbounce/trunk/readme.txt

@@ -3 +3 @@
 Tags: Unbounce, AB testing, A/B testing, split testing, CRO, conversion optimization, wordpress landing page, wp landing pages, splash pages, landing pages, squeeze pages, lead gen, lead generation, email list, responsive landing pages, templates, inbound marketing, ppc, analytics
 Requires at least: 4.1.5
-Tested up to: 6.3
-Stable tag: 1.1.0
+Tested up to: 6.4
+Stable tag: 1.1.1
 Requires PHP: 7.2
 License: GPLv2 or later
@@ -104 +104 @@
 == Changelog ==
 
+= 1.1.1 =
+* Changes to the way the plugin filters headers and cookies using a dynamic configuration.
+* Tested with WP 6.4
+
 = 1.1.0 =
 * Changes the method used to communicate with Unbounce servers, which will improve the resilience of

unbounce/trunk/templates/authorize_button.php

@@ -3 +3 @@
   <input type="hidden" name="user_id" />
   <input type="hidden" name="domain_id" />
+  <input type="hidden" name="domain_uuid" />
   <input type="hidden" name="client_id" />
     <?php if (isset($outer_text)) { ?>

unbounce/trunk/templates/diagnostics.php

@@ -37 +37 @@
 $sni_support = 'The Unbounce Plugin communicates with the Unbounce servers using a TLS 1.2 connection, this requires SNI support in order to function. Our diagnostics indicate that your server does not currently have SNI support.';
 
+$dynamic_config_retrieval = 'The Unbounce Plugin is unable to retrieve the dynamic configuration from Unbounce. This is required in order to make sure we are able to serve your Unbounce pages the correct way and prevent any errors. Please contact support if you continue to see this error for more than a few days.';
+
+$domain_uuid = 'Plugin requests are not sent to Unbounce servers with the uuid added as a subdomain, which compromises security. Please update wordpress enabled domains on the pages section.';
+
 $diagnostic_descriptions = array(
     'Curl Support' => $curl_support,
@@ -45 +49 @@
     'Supported PHP Version' => $supported_php_version,
     'Supported Wordpress Version' => $supported_wordpress_version,
-    'SNI Support' => $sni_support
+    'SNI Support' => $sni_support,
+    'Dynamic Config Retrieval' => $dynamic_config_retrieval,
+    "Domain UUID" => $domain_uuid,
 );
 

unbounce/trunk/templates/main_authorized_footer.php

@@ -22 +22 @@
   Click here for troubleshooting and plugin diagnostics
 </a>
-<p class="ub-version">Unbounce Version 1.1.0</p>
+<p class="ub-version">Unbounce Version 1.1.1</p>

unbounce/trunk/templates/main_unauthorized_footer.php

@@ -5 +5 @@
   Click here for troubleshooting and plugin diagnostics
 </a>
-<p class="ub-version">Unbounce Version 1.1.0</p>
+<p class="ub-version">Unbounce Version 1.1.1</p>

unbounce/trunk/templates/settings_response_headers_forwarded.php

@@ -11 +11 @@
     $headers = array_map(function ($header) {
         return '<code>'.$header.'</code>';
-    }, UBHTTP::$response_headers_always_forwarded);
+    }, get_option(UBConfig::UB_DYNAMIC_CONFIG_CACHE_KEY, array())['response_header_allow']);
     echo implode(',', array_slice($headers, 0, -1)).' and '.end($headers);
     ?>