[bug]: GraphQL cacheable requests always have "Authorization Bearer" header

[Rado-encoder]

Description:

Magento provides Varnish config to cache GraphQL requests see here And for customer specific requests, Varnish should not cache the response as per the following :

``{{

Authenticated GraphQL requests should not be cached by default

if (req.url _{"/graphql" && req.http.Authorization} "^Bearer") { return (pass); } }}`` As you can see, Varnish will look for "Bearer" in the Authorization header which is ok when the customer is logged in and the request returns customer specific data, BUT we found out that while the customer is logged in Magento PWA includes the "Authorization Bearer" in EVERY GraphQL request even if its a non customer specific request such as CMSPages, CMSBlocks, etc, which normally can be cached, which adds a lot of unnecessary load on the server since Magento PWA fires too many GraphQL requests on every page load.

I have tested this behaviour on the Venia demo store and found the same issue there, Magento PWA includes "Authorization Bearer" header on all GraphQL requests even if its a cachable requests.

To reproduce

Steps to reproduce the behaviour :

1- sign up.in Venia.magento.com or any PWA store 2- login 3- check network tab on any page and search for GraphQL requests which should be cached such as CMSPages 4- check the request header you will find Authorization Bearer header exist 5- Varnish will not cache that request's response.

Expected behavior

This request should be cacheable by Varnish, but since it has the "Authorization Bearer" header, Varnish will treat it as customer specific request and not cache it.

Possible solutions

Either:

1- Exclude the "Authorization" header from the cacheable requests 2- Provide Varnish configuration to filter authorised cacheable requests

Debug Report

n/a

• Device : Mac
• Browser : Chrome
• Browser Version : 92.0.4515.131
• Magento Version : Magento Commerce 2.4

Please let us know what packages this bug is in regards to:

• < > venia-concept
• <*> venia-ui
• < > pwa-buildpack
• < > peregrine
• < > pwa-devdocs
• < > upward-js
• < > upward-spec
• < > create-pwa

[m2-assistant[bot]]

Hi @Rado-encoder. Thank you for your report. To help us process this issue please make sure that you provided sufficient information.

Please, add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

[Rado-encoder]

@magento I am working on this

[m2-assistant[bot]]

Hi @Rado-encoder! :wave: Thank you for collaboration. Only members of Community Contributors Team are allowed to be assigned to the issue. Please use @magento add to contributors team command to join Contributors team.

[Rado-encoder]

@magento add to contributors team

[m2-assistant[bot]]

Hi @Rado-encoder! :wave: Thank you for joining. Please accept team invitation :point_right: here :point_left: and add your comment one more time.

[Rado-encoder]

@magento I am working on this

[alecarg]

@Rado-encoder facing the same issue.

Any updates on this?

[Rado-encoder]

@alecarg nothing so far, not sure why haven't they looked into it yet!

[anthoula]

@magento export issue to JIRA project PWA as Bug

[github-jira-sync-bot]

:white_check_mark: Jira issue https://jira.corp.magento.com/browse/PWA-2871 is successfully created for this GitHub issue.

[Sahilsks]

@magento I am working on this

[glo82145]

We are able to reproduce this issue. Hence issue is confirmed

[glo82145]

@adobe export issue to JIRA project PWA as Bug

[github-jira-sync-bot]

:x: You don't have permission to export this issue.

[glo42707]

@adobe export issue to JIRA project PWA as Bug

[github-jira-sync-bot]

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/PWA-3154 is successfully created for this GitHub issue.