[HN Gopher] Leaking secrets through caching with Bunny CDN
       ___________________________________________________________________
        
       Leaking secrets through caching with Bunny CDN
        
       Author : soopurman
       Score  : 73 points
       Date   : 2023-06-21 11:23 UTC (11 hours ago)
        
 (HTM) web link (httptoolkit.com)
 (TXT) w3m dump (httptoolkit.com)
        
       | kevincox wrote:
       | > Cloudflare CDN bypasses the cache for requests with
       | Authorization headers (option #3) unless either the server
       | explicitly declares the response as cacheable via Cache-Control,
       | ...
       | 
       | This is true, but notably Cloudflare doesn't support the Vary
       | header. So you can get cache leaks due to this standard break. If
       | you receive an authenticated request and return `Cache-Control:
       | max-age=60\r\nVary: Authorization` the resource will be leaked to
       | unauthenticated requests. This also breaks basic auth as the
       | unauthorized response will be cached so logging in won't work as
       | you will get the same response even though you are now passing an
       | Authorization header.
       | 
       | So basically it is only useful if you are "accidentally" sending
       | an Authorization header for public resources. The only case I can
       | think of this being useful is some sort of DOS prevention. (The
       | original will only waste resources other than auth checking for
       | unauthorized users)
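
Added example, not part of the thread or of any CDN's code: a toy shared cache that replays the two failure modes described in the comment above (a private response served to an unauthenticated request, and a cached 401 served after login), first with Vary ignored and then with Vary honored. The `/account` URL, the token and the `SharedCache` class are constructed for illustration.

```python
# Added illustration: a toy shared cache, not any CDN's real implementation.
# Freshness (max-age expiry) is ignored; every stored response stays fresh.
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: str
    headers: dict

AUTH = {"authorization": "Bearer constructed-token"}  # constructed credential
ANON = {}                                             # no credentials

def origin(req):
    """Constructed origin: sends the two headers quoted in the comment."""
    hdrs = {"Cache-Control": "max-age=60", "Vary": "Authorization"}
    if req.get("authorization") == AUTH["authorization"]:
        return Response(200, "private data", hdrs)
    return Response(401, "login required", hdrs)

def vary_names(resp):
    return [n.strip().lower() for n in resp.headers.get("Vary", "").split(",") if n.strip()]

class SharedCache:
    def __init__(self, honor_vary):
        self.honor_vary = honor_vary
        self.entries = {}  # url -> [(selecting request-header values, Response)]

    def fetch(self, url, req):
        for selected, resp in self.entries.get(url, []):
            # Honoring Vary: reuse only if every listed request header matches.
            if not self.honor_vary or all(req.get(n) == v for n, v in selected.items()):
                return resp, "HIT"
        resp = origin(req)
        selected = {n: req.get(n) for n in vary_names(resp)}
        self.entries.setdefault(url, []).append((selected, resp))
        return resp, "MISS"

def replay(honor_vary, requests):
    """Send requests for one URL through a fresh cache; return (status, cache state)."""
    cache = SharedCache(honor_vary)
    return [(r.status, state) for r, state in (cache.fetch("/account", q) for q in requests)]

if __name__ == "__main__":
    for honor in (False, True):
        print("honor_vary =", honor)
        print("  auth then anon:", replay(honor, [AUTH, ANON]))
        print("  anon then auth:", replay(honor, [ANON, AUTH]))
```
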
        
       | [deleted]
        
       ___________________________________________________________________
       (page generated 2023-06-21 23:02 UTC)