Filter `cloudflare_use_cache` of v4.11.0 does not enable caching of pages for logged in users because of APO cookie bypass

freinbichler commented 2 years ago

Confirmation

[X] My issue isn't already found on the issue tracker.
[X] I have replicated my issue using the latest version of the plugin and it is still present.

WordPress version

6.0.1

Cloudflare-WordPress version

4.11.0

PHP version

7.4

Expected result

I am working on website with a frontend login area. The role of frontend users is "subscriber", they do not have WordPress backend access. With APO, if these users are logged in, the whole website is not served from cache for them, because of the APO cookie bypass (standard WordPress user cookie is used). Now with the release of version 4.11.0 of this plugin, pull request https://github.com/cloudflare/Cloudflare-WordPress/pull/477 was merged, which adds the cloudflare_use_cache filter to set the cf-edge-cache: cache,platform=wordpress header with custom logic (thanks @midweste). I implemented it right away, so that subscribers get this cached header when browsing the website, except for the login area itself, which should no be cached.

I would expect the header to actually control Cloudflare caching.

Actual result

However, I am getting the following headers:

cf-edge-cache: cache,platform=wordpress (the header is set correctly, my cloudflare_use_cache filter logic works)
cf-cache-status: BYPASS
cf-apo-via: origin,cookie

The page is still not served from the CDN cache. I understand that the WordPress cookie is the reason for it. However, if the cloudflare_use_cache filter does not actually override it, I would like to know what it is then used for?

In the example @midweste is using in the Pull Request https://github.com/cloudflare/Cloudflare-WordPress/pull/477#issue-1232951309, it seems to be working for him to cache certain pages for logged in users. @midweste can you elaborate?

Steps to reproduce

Force caching for logged in users:

add_filter('cloudflare_use_cache', function($cache) {
    return true;
});

Log into WordPress and confirm that the header cf-edge-cache: cache,platform=wordpress is added to the frontend of the website.
Notice that Cloudflare adds the headers cf-cache-status: BYPASS and cf-apo-via: origin,cookie and bypasses cache.

Additional factoids

No response

References

https://github.com/cloudflare/Cloudflare-WordPress/pull/477

midweste commented 2 years ago

I want to add, I kinda assumed it was working properly based on the headers, so I can't 100% confirm that those hook additions are working on my end. I will test as soon as I can but have a pretty heavy week

androidacy-user commented 2 years ago

I think cloudflare bypasses cache no matter what with certain "login" cookies set, APO or not.

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

cloudflare / Cloudflare-WordPress