Question

我目前正在使用Varnish 3 + Apache 2.22 + PHP 5.4堆栈运行多个Wordpress 4安装，事实证明Varnish似乎打破了Wordpress WYSIWYG，TinyMCE。因此我只能使用＆＃34; Text＆＃34;编辑器。

我知道反向代理在后台内部打破WYSIWYG听起来很奇怪，但是如果我让Varnish重新拥有一个经典的LAMP堆栈，那么一切都会恢复正常。所以它必须是一个被剥离的cookie，或类似的东西。

这是Varnish的VCL（有点凌乱，我会给你的）：

backend default {
    .host = "127.0.0.1";
    .port = "80";
    .first_byte_timeout = 300s;
}

# This function is used when a request is sent by a HTTP client (Browser)
sub vcl_recv {

    if (req.backend.healthy) {
        set req.grace = 1m;
    } else {
        set req.grace = 1d;
    }

    if (req.http.host ~ "(THE.IP.ADRESS.OF.THE.SERVER)") {
        return (pass);
    }
    else {
        set req.backend = default;
    } 

    # Uniformisation des User agent
    if (req.http.User-Agent ~ "MSIE") {
        set req.http.User-Agent = "msie";
    } else {
        set req.http.User-Agent = "firefox";
    }

    # Display client's IP instead of Varnish's in Apache logs
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

    # Normalize the header, remove the port (in case you're testing this on various TCP ports)
    set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");

    # Post requests will not be cached
    if (req.request == "POST") {
        return (pass);
    }

    # BAN tuto
    if (req.request == "BANURL") {
        ban("obj.http.x-host == " + req.http.host + " && obj.http.x-url ~ " + req.url);
        error 200 "Ban added for host " + req.http.host + " and URL " + req.url;
    }

    # Blitz hack
    if (req.url ~ "/mu-.*") {
        return (pass);
    }

    # Joomla back 
    if(req.url ~ "^/administrator" || req.url ~ "^/component/banners") {    
        return (pass);
    }

    #Wordpress back
    if(req.url ~ "wp-admin") {  
        return (pass);
    }

    # Modal POPUP Drupal
    if(req.http.cookie ~ "popup_onload_time") { 
                return(pass);
    }

    #MEDIAWIKI cookies 
        if (req.http.Cookie ~ "(session|UserID|UserName|LoggedOut)" ) {
                return(pass);
        }

    # Pass wordpress-specific cookies
    if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
        return (pass);
    }

    # Remove the wp-settings-1 cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
    # Remove the wp-settings-time-1 cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
    # Remove the wp test cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
    # Remove the "has_js" cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
    # Remove any Google Analytics based cookies
    set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
    # Remove Piwik cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_pk_(ses|id)[\.a-z0-9]*)=[^;]*", "");

    if (!(req.url ~ "(user|admin|wp-admin|wp-login)")) {
        #unset req.http.cookie;
    }

    # Check the cookies for wordpress-specific items
    if (!req.http.cookie) {
        unset req.http.cookie;
    }

    # Are there cookies left with only spaces or that are empty?
    if (req.http.cookie ~ "^ *$") {
        unset req.http.cookie;
    }

    # Cache the following files extensions
    if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico)") {
        unset req.http.cookie;
    }

    # Drupal fix
    if (req.url ~ "install\.php|update\.php|cron\.php") {
        return (pass);
    }

    # Normalize Accept-Encoding header and compression
    if (req.http.Accept-Encoding) {

        # Do no compress compressed files...
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            remove req.http.Accept-Encoding;
        }
    }

    # Do not cache HTTP authentication and HTTP Cookie
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    # Cache all others requests
    return (lookup);
}

sub vcl_pipe {
    return (pipe);
}

sub vcl_pass {
    return (pass);
}

# The data on which the hashing will take place
sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    # If the client supports compression, keep that in a different cache
    if (req.http.Accept-Encoding) {
        hash_data(req.http.Accept-Encoding);
    }
    return (hash);
}

sub vcl_hit {
    # Allow purges
    return (deliver);
}

sub vcl_miss {
    # Allow purges
    return (fetch);
}

# This function is used when a request is sent by our backend (Apache server)
sub vcl_fetch {
    # For static content strip all backend cookies
    if (req.url ~ "\.(css|js|png|gif|jp(e?)g)|swf|ico") {
        unset beresp.http.cookie;
    }

    # On enlève les cookies sauf ceux des logins des backoffices 
    if (!(req.url ~ "(mediawiki|flyspray|administrator|installation|user|admin|wp-(login|admin))") && (req.request != "POST") && (beresp.http.x-logged-in == "False")) {    
        unset beresp.http.set-cookie    ;    
    }    

    # Do not cache 403 error pages
    if (beresp.status >= 400) {
        return (hit_for_pass);
    } 

    set beresp.ttl = 1h;
    set beresp.grace = 1d;
    set beresp.http.x-url = req.url;
    set beresp.http.x-host = req.http.host;

    return (deliver);

}

# The routine when we deliver the HTTP request to the user
sub vcl_deliver {

    if (obj.hits > 0) {
        set resp.http.X-Varnish-Cache = "HELL YEAH !";
    } else {
        set resp.http.X-Varnish-Cache = "ANOTHER ONE BITES THE DUST";
    }

    # BAN tuto  
    unset resp.http.x-url;
    unset resp.http.x-host;

    # Remove some headers: PHP version
    unset resp.http.X-Powered-By;

    # Remove some headers: Apache version & OS
    unset resp.http.Server;

    return (deliver);

}

sub vcl_error {
    # If backends sends 500 error, serve cache en check again every minute
    if ( obj.status == 500) {
        set obj.grace = 60s;
        return(restart);
    }
    return (deliver);    
}

哦，顺便说一句，如果您对如何更好或清理我的VCL有任何建议，欢迎您告诉我：）

Answer 1

您还需要传递wp-settings cookies

# Pass wordpress-specific cookies
if (req.http.Cookie ~ "(wordpress_|comment_|wp-settings-)") {
    return (pass);
}

Answer 2

现在就偶然发现此问题。这很简单，但对WP开发人员来说却很愚蠢。您需要转发User-Agent标头以触发浏览器检测，从而提供高级编辑器支持。

function user_can_richedit() {
        global $wp_rich_edit, $is_gecko, $is_opera, $is_safari, $is_chrome, $is_IE, $is_edge;
        if ( !isset($wp_rich_edit) ) {
                $wp_rich_edit = false;
                if ( get_user_option( 'rich_editing' ) == 'true' || ! is_user_logged_in() ) { // default to 'true' for logged out users
                        if ( $is_safari ) {
                                 $wp_rich_edit = ! wp_is_mobile() || ( preg_match( '!AppleWebKit/(\d.+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval( $match[1] ) >= 534 );
                        } elseif ( $is_IE ) {
                                 $wp_rich_edit = ( strpos( $_SERVER['HTTP_USER_AGENT'], 'Trident/7.0;' ) !== false );
                        } elseif ( $is_gecko || $is_chrome || $is_edge || ( $is_opera && !wp_is_mobile() ) ) {
                                $wp_rich_edit = true;
                        }
                }
        }
}

Answer 3

此问题仍然存在，

unset req.http.User-Agent;

将导致相同的问题。我们的修复程序包括对vcl命令重新排序以及将未设置的User Agent命令移动到仅未登录的用户。因此，已登录的用户将获得正确的功能。但是，这将取决于业务需求，并且可能会影响以相同原理运行的其他插件。

Varnish打破Wordpress视觉编辑器TinyMCE

3 个答案: