Commit
fix: Mitigate web cache poisoning for `/sdk/goals` endpoint (#475)
Client SDKs communicating with the `/sdk/goals` endpoint rely on a reverse proxy to our upstream endpoints. These requests make use of a caching transport as a way to try and reduce traffic. This cache was keyed solely on the request path, allowing a malicious actor to "poison" the cache by making a request with a valid `If-None-Match` header. The proxy would pass through the request as is, receive a `304 NOT MODIFIED` from upstream, then dutifully cache the response. When a subsequent request came through, even without the `If-None-Match` header, the cached response would be loaded, the previously seen `ETag` header would be loaded and sent forward, resulting in an invalid `304 NOT MODIFIED` response.

To mitigate this, we are removing the intermediate caching transport.

Removing this seemingly would increase traffic to our upstream endpoints as we are removing a caching layer. However, the `/sdk/goals` endpoint returns a `Cache-Control: max-age=0`, which undermined the original intent of the caching transport. As a result, all calls are being directly proxied regardless.
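The behaviour described in the commit message, modelled as an added Go example that is not taken from the commit or the project: a path-keyed cache that stores a `304` serves it to a later client that sent no validator, while pass-through proxying (the commit's mitigation) does not. The `upstream` and `proxy` types, the mode names and the `"v1"` ETag are constructed, and `cache200` is an assumed alternative hardening, not what the commit does.

```go
package main

import "fmt"

type resp struct {
	Status int
	ETag   string
	Body   string
}

const etag = `"v1"` // constructed sample validator

// upstream is a constructed stand-in: 304 when the validator matches, else 200.
func upstream(ifNoneMatch string) resp {
	if ifNoneMatch == etag {
		return resp{Status: 304, ETag: etag}
	}
	return resp{Status: 200, ETag: etag, Body: `{"goals":[]}`}
}

const (
	cacheAll    = iota // path-keyed cache that stores whatever upstream returned
	cache200           // assumed alternative hardening: never store a 304
	passThrough        // the commit's mitigation: no caching layer at all
)

type proxy struct {
	mode  int
	cache map[string]resp // keyed on the request path only
}

func (p *proxy) get(path, ifNoneMatch string) resp {
	if c, ok := p.cache[path]; ok {
		// max-age=0 forces revalidation with the stored ETag; on 304 the stored entry is served.
		if r := upstream(c.ETag); r.Status == 304 {
			return c
		}
	}
	r := upstream(ifNoneMatch)
	if p.mode == cacheAll || (p.mode == cache200 && r.Status == 200) {
		p.cache[path] = r
	}
	return r
}

// secondClientStatus: client A sends a valid If-None-Match, then client B sends none.
func secondClientStatus(mode int) int {
	p := &proxy{mode: mode, cache: map[string]resp{}}
	p.get("/sdk/goals", etag)
	return p.get("/sdk/goals", "").Status
}

func main() {
	fmt.Println(secondClientStatus(cacheAll), secondClientStatus(cache200), secondClientStatus(passThrough))
}
```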