-
Improvement
-
Resolution: Fixed
-
Major
-
3.0.9
-
None
phpBB sends different content to bots detected by IP and/or user agent than it does to regular visitors. On the first visit both present without cookie and are otherwise indistinguishable. When phpBB is run behind a reverse proxy such a result can be cached because no cookie was present. However the page for bots could now be delivered to regular users and vice versa. To avoid this pitfall, phpBB should set an X-PHPBB-IS-BOT header. The reverse proxy can then use Vary (see e.g. https://www.varnish-cache.org/docs/trunk/tutorial/vary.html) to cache one version of the page for bots and one version of the page for regular visitors.