From cb4ece09b7a89e456a8da37c2d067a25399ff22c Mon Sep 17 00:00:00 2001
From: Martynas
Date: Fri, 22 Nov 2024 00:38:07 +0100
Subject: [PATCH] Default Varnish VCL template only allows cookies in the admin app (for login etc.)
---
 platform/varnish.vcl.template | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/platform/varnish.vcl.template b/platform/varnish.vcl.template
index 0caa5f26b..e81f63a12 100644
--- a/platform/varnish.vcl.template
+++ b/platform/varnish.vcl.template
@@ -57,15 +57,9 @@ sub vcl_recv {
 return (pass);
 }
 if (req.http.Cookie) {
- # explicitly allow only cookies required by LDH server-side
- set req.http.Cookie = ";" + req.http.Cookie;
- set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
- set req.http.Cookie = regsuball(req.http.Cookie, ";(LinkedDataHub\.state|LinkedDataHub\.id_token)=", "; \1=");
- set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
- set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
-
- if (req.http.cookie ~ "^\s*$") {
- unset req.http.cookie;
+ # only allow cookies in the admin app (for login etc.)
+ if(req.url !~ "^/admin(/.*)?$") {
+ unset req.http.Cookie;
 }
 }
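Review bot: The added test `req.url !~ "^/admin(/.*)?$"` is matched against the request URL including its query string, so a request such as `/admin?x=1` (constructed example) does not match and loses its Cookie header, and with it the login state for that request. Anchoring on the path boundary covers that case without also matching longer names that merely start with "admin": `if (req.url !~ "^/admin(/|\?|$)") {`. Separately, under /admin the Cookie header is now forwarded whole, where the removed lines kept only LinkedDataHub.state and LinkedDataHub.id_token. The rest of vcl_recv and any vcl_hash or vcl_backend_response logic lie outside this hunk, so it is worth confirming that admin requests carrying cookies are passed rather than served from or stored in the cache, and recording that in the comment, e.g. `# cookies are kept only under /admin; these requests must never be cached`.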