Fix password-protected pages

[tcg]

Fixes: #75

WordPress allows password protecting pages, per https://wordpress.org/support/article/using-password-protection/

When the end-user enters a password, WordPress sets a cookie value prefixed wp-postpass_ followed by a hash for the URL.

Previously, since cookies are stripped, the page just "reloads" the cached version after an end user enters the page password.

This change to the VCL bypasses cache for folks with that cookie set.

To be fair, this does seem awfully broad (password cookies are page-specific), but I'm not sure how to resolve this for only the specific URLs in question. So this is my cheap workaround for the moment. My hope is this at least sparks conversation or brings someone along who knows more about how to more correctly do this (page specific?) if this change doesn't seem right for you.

[tcg]

🤔 Maybe the Fastly plugin could hook the cookie check (I haven't looked at the password check method in a while, to see if it has hooks), and do something to only those specific responses, allowing just those pages to bypass cache?

My knowledge of Varnish/VCL stuff fails me here. 🤷🏽‍♂️ Sorry.