Strip cookies for "/chat"

We currently strip cookies which lack a relevant session cookie for any URLs starting "/chat/" (note the trailing slash). We want to extend the same functionality to the "/chat" URL as well. It's pretty important that we match _only_ "/chat" (and not, for example, "/chat-with-someone").
alphagov · Nov 19, 2024 · 45cbce4 · 45cbce4
1 parent 18fbbae
commit 45cbce4
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/www/www.vcl.tftpl b/www/www.vcl.tftpl
@@ -230,7 +230,7 @@ sub vcl_recv {
   if (req.method !~ "^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|FASTLYPURGE)") {
     error 806 "Not Implemented";
   }
-  
+
   %{ if private_extra_vcl_recv != "" ~}
     ${private_extra_vcl_recv}
   %{ endif ~}
@@ -380,9 +380,9 @@ sub vcl_recv {
   }
 %{ endif ~}
 
-  # Strip cookies for requests to /chat/* that lack a session cookie,
+  # Strip cookies for requests to /chat or /chat/* that lack a session cookie,
   # otherwise pass through
-  if (req.url ~ "^/chat/") {
+  if (req.url.path ~ "^/chat(/.*)?$") {
     if (req.http.cookie:_govuk_chat_session) {
       return(pass);
     # These endpoints make use of HEAD requests and we don't want these