-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 8 | ||||
-rw-r--r-- | config/varnish-alaveteli.vcl | 6 | ||||
-rw-r--r-- | doc/CHANGES.md | 1 |
5 files changed, 13 insertions, 12 deletions
diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index e249cef11..0c24d47c1 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb @@ -31,8 +31,8 @@ class AdminPublicBodyController < AdminController lower(public_body_translations.short_name) like lower('%'||?||'%') or lower(public_body_translations.request_email) like lower('%'||?||'%' )) AND (public_body_translations.locale = '#{@locale}')", @query, @query, @query], :joins => :translations - @public_bodies_by_tag = PublicBody::Translation.find_by_tag(@query) end + @public_bodies_by_tag = PublicBody.find_by_tag(@query) end def list diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e30a7330e..b0351f7d1 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -365,14 +365,14 @@ class ApplicationController < ActionController::Base # Store last visited pages, for contact form; but only for logged in users, as otherwise this breaks caching def set_last_request(info_request) if !session[:user_id].nil? - session[:last_request_id] = info_request.id - session[:last_body_id] = nil + cookies["last_request_id"] = info_request.id + cookies["last_body_id"] = nil end end def set_last_body(public_body) if !session[:user_id].nil? - session[:last_request_id] = nil - session[:last_body_id] = public_body.id + cookies["last_request_id"] = nil + cookies["last_body_id"] = public_body.id end end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index c6d246b4c..9b00846ee 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb 
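Review bot: The conditions string in this hunk's context lines still splices `@locale` into the SQL as `'#{@locale}'`, while the three search terms beside it are bound with `?`. Where `@locale` is assigned is outside the hunk, so if the request can influence it, it should be bound the same way: end the string with `AND (public_body_translations.locale = ?)` and pass `@query, @query, @query, @locale`. Separately, the moved `@public_bodies_by_tag = PublicBody.find_by_tag(@query)` now sits after the `end`, so it appears to run even when the enclosing condition (not visible here) is false; confirm that `find_by_tag` copes with a nil or empty `@query`.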
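Review bot: Moving `last_request_id` and `last_body_id` from `session` to plain `cookies[...]` in `set_last_request` and `set_last_body` makes both values client-controlled, and the help_controller hunk of this commit passes them straight to `InfoRequest.find` and `PublicBody.find`. While the server alone wrote them, the id could only be one of a page it had just rendered for that user; now any integer can be supplied. The reader should therefore treat the id as untrusted and confirm the current user may see the record before showing anything about it. Whether the contact form exposes more than a title is not visible here. Also, `cookies["last_body_id"] = nil` does not expire the cookie; `cookies.delete("last_body_id")` states the intent, and likewise for `last_request_id`.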
@@ -26,18 +26,18 @@ class HelpController < ApplicationController # if they clicked remove for link to request/body, remove it if params[:remove] @last_request = nil - session[:last_request_id] = nil - session[:last_body_id] = nil + cookies["last_request_id"] = nil + cookies["last_body_id"] = nil end # look up link to request/body - @last_request_id = session[:last_request_id].to_i + @last_request_id = cookies["last_request_id"].to_i if @last_request_id > 0 @last_request = InfoRequest.find(@last_request_id) else @last_request = nil end - @last_body_id = session[:last_body_id].to_i + @last_body_id = cookies["last_body_id"].to_i if @last_body_id > 0 @last_body = PublicBody.find(@last_body_id) else diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl index 3312c381b..d6c42e750 100644 --- a/config/varnish-alaveteli.vcl +++ b/config/varnish-alaveteli.vcl @@ -27,9 +27,9 @@ sub vcl_recv { remove req.http.X-Forwarded-For; set req.http.X-Forwarded-For = client.ip; - # Remove has_js and Google Analytics cookies. - set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", ""); - + # Remove Google Analytics, has_js, and last-seen cookies + set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|last_body_id|last_request_id|seen_foi2)=[^;]*", ""); + # Normalize the Accept-Encoding header if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv|pdf|ico)$") { diff --git a/doc/CHANGES.md b/doc/CHANGES.md index 4ad0d851a..8778aaac2 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md @@ -19,6 +19,7 @@ * Ensure you have values for new config variables (see `config/general.yml-example`): * EXCEPTION_NOTIFICATIONS_FROM * EXCEPTION_NOTIFICATIONS_TO +* The recommended Varnish config has changed, so that we ignore more cookies. You should review your Varnish config with respect to the example at `config/varnish-alaveteli.vcl`. # Version 0.4 |
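Review bot: `InfoRequest.find(@last_request_id)` and `PublicBody.find(@last_body_id)` raise `ActiveRecord::RecordNotFound` for an id that does not exist. Now that the id is read from `cookies[...]`, a stale or hand-edited cookie is enough to make this action fail instead of falling back to no link. A lookup that returns nil keeps the existing fallback, e.g. `@last_request = InfoRequest.find_by_id(@last_request_id)` and `@last_body = PublicBody.find_by_id(@last_body_id)`. The action continues outside the hunk, so how an exception raised here would be handled is not visible.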
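Review bot: The widened `regsuball` in `vcl_recv` strips `last_request_id` and `last_body_id` from `req.http.Cookie`, so for any request that reaches this line the backend never receives the cookies that the help_controller hunk reads with `cookies["last_request_id"]`. Unless an earlier part of `vcl_recv` (outside this hunk) returns for the contact page before the strip, the last-request link would silently stop working behind Varnish; this is worth confirming, and the comment should say which paths must keep these cookies. `seen_foi2` is added to the pattern with no matching change elsewhere in this commit, so the comment should also say what sets it.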