lmarquine · December 1, 2022 15:54
diff --git a/0001-Combined-PR-s-into-optimized-VCL-file.patch b/0001-Combined-PR-s-into-optimized-VCL-file.patch
 Combined PR's into optimized VCL file:
 1. https://github.com/magento/magento2/pull/29360
 2. https://github.com/magento/magento2/pull/28944
 3. https://github.com/magento/magento2/pull/28894 
 4. https://github.com/magento/magento2/pull/35228
 5. https://github.com/magento/magento2/pull/36524
 6. https://github.com/magento/magento2/pull/34323

 @package magento/module-page-cache
 @version 100.4.5
 @level 0

 diff --git etc/varnish6.vcl etc/varnish6.vcl
 index 16dd950..468330c 100644
 --- etc/varnish6.vcl
 +++ etc/varnish6.vcl
 @@ -10,7 +10,7 @@ backend default {
     .port = "/* {{ port }} */";
     .first_byte_timeout = 600s;
     .probe = {
 -        .url = "/pub/health_check.php";
 +        .url = "/health_check.php";
         .timeout = 2s;
         .interval = 5s;
         .window = 10;
 @@ -81,24 +81,9 @@ sub vcl_recv {
     # collect all cookies
     std.collect(req.http.Cookie);
 
 -    # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
 -    if (req.http.Accept-Encoding) {
 -        if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
 -            # No point in compressing these
 -            unset req.http.Accept-Encoding;
 -        } elsif (req.http.Accept-Encoding ~ "gzip") {
 -            set req.http.Accept-Encoding = "gzip";
 -        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
 -            set req.http.Accept-Encoding = "deflate";
 -        } else {
 -            # unknown algorithm
 -            unset req.http.Accept-Encoding;
 -        }
 -    }
 -
     # Remove all marketing get parameters to minimize the cache objects
 -    if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
 -        set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
 +    if (req.url ~ "(\?|&)(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
 +        set req.url = regsuball(req.url, "(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 
 @@ -127,9 +112,8 @@ sub vcl_hash {
     }
 
     # To make sure http users don't see ssl warning
 -    if (req.http./* {{ ssl_offloaded_header }} */) {
 -        hash_data(req.http./* {{ ssl_offloaded_header }} */);
 -    }
 +    hash_data(req.http./* {{ ssl_offloaded_header }} */);
 +
     /* {{ design_exceptions_code }} */
 
     if (req.url ~ "/graphql") {
 @@ -147,13 +131,9 @@ sub process_graphql_headers {
         }
     }
 
 -    if (req.http.Store) {
 -        hash_data(req.http.Store);
 -    }
 +    hash_data(req.http.Store);
 
 -    if (req.http.Content-Currency) {
 -        hash_data(req.http.Content-Currency);
 -    }
 +    hash_data(req.http.Content-Currency);
 }
 
 sub vcl_backend_response {
 @@ -173,9 +153,7 @@ sub vcl_backend_response {
     }
 
     # cache only successfully responses and 404s that are not marked as private
 -    if (beresp.status != 200 &&
 -            beresp.status != 404 &&
 -            beresp.http.Cache-Control ~ "private") {
 +    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "private") {
         set beresp.uncacheable = true;
         set beresp.ttl = 86400s;
         return (deliver);
 @@ -186,28 +164,18 @@ sub vcl_backend_response {
         unset beresp.http.set-cookie;
     }
 
 -   # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
 -   if (beresp.ttl <= 0s ||
 -       beresp.http.Surrogate-control ~ "no-store" ||
 -       (!beresp.http.Surrogate-Control &&
 -       beresp.http.Cache-Control ~ "no-cache|no-store") ||
 -       beresp.http.Vary == "*") {
 -        # Mark as Hit-For-Pass for the next 2 minutes
 -        set beresp.ttl = 120s;
 -        set beresp.uncacheable = true;
 -   }
 -
 -   # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
 -   if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
 -      set beresp.ttl = 0s;
 -      set beresp.uncacheable = true;
 -   }
 -
 -    return (deliver);
 +    # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
 +    if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
 +       set beresp.ttl = 120s;
 +       set beresp.uncacheable = true;
 +       return (deliver);
 +    }
 }
 
 sub vcl_deliver {
 -    if (resp.http.x-varnish ~ " ") {
 +    if (obj.uncacheable) {
 +        set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
 +    } else if (obj.hits) {
         set resp.http.X-Magento-Cache-Debug = "HIT";
         set resp.http.Grace = req.http.grace;
     } else {
 sub vcl_deliver {
 -    if (resp.http.x-varnish ~ " ") {
 +    if (obj.uncacheable) {
 +        set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
 +    } else if (obj.hits) {
         set resp.http.X-Magento-Cache-Debug = "HIT";
         set resp.http.Grace = req.http.grace;
     } else {
diff --git a/varnish6.vcl b/varnish6.vcl
 # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
 vcl 4.0;

 import std;
 # The minimal Varnish version is 6.0
 # For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https'

 backend default {
    .host = "/* {{ host }} */";
    .port = "/* {{ port }} */";
    .first_byte_timeout = 600s;
    .probe = {
        .url = "/health_check.php";
        .timeout = 2s;
        .interval = 5s;
        .window = 10;
        .threshold = 5;
   }
 }

 acl purge {
 /* {{ ips }} */
 }

 sub vcl_recv {
    if (req.restarts > 0) {
        set req.hash_always_miss = true;
    }

    if (req.method == "PURGE") {
        if (client.ip !~ purge) {
            return (synth(405, "Method not allowed"));
        }
        # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
        # has been added to the response in your backend server config. This is used, for example, by the
        # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
        if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
            return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
        }
        if (req.http.X-Magento-Tags-Pattern) {
          ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
        }
        if (req.http.X-Pool) {
          ban("obj.http.X-Pool ~ " + req.http.X-Pool);
        }
        return (synth(200, "Purged"));
    }

    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    # We only deal with GET and HEAD by default
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Bypass health check requests
    if (req.url ~ "^/(pub/)?(health_check.php)$") {
        return (pass);
    }

    # Set initial grace period usage status
    set req.http.grace = "none";

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://", "");

    # collect all cookies
    std.collect(req.http.Cookie);

    # Remove all marketing get parameters to minimize the cache objects
    if (req.url ~ "(\?|&)(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
        set req.url = regsuball(req.url, "(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
        set req.url = regsub(req.url, "[?|&]+$", "");
    }

    # Static files caching
    if (req.url ~ "^/(pub/)?(media|static)/") {
        # Static files should not be cached by default
        return (pass);

        # But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
        #unset req.http.Https;
        #unset req.http./* {{ ssl_offloaded_header }} */;
        #unset req.http.Cookie;
    }

    # Bypass authenticated GraphQL requests without a X-Magento-Cache-Id
    if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {
        return (pass);
    }

    return (hash);
 }

 sub vcl_hash {
    if ((req.url !~ "/graphql" || !req.http.X-Magento-Cache-Id) && req.http.cookie ~ "X-Magento-Vary=") {
        hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
    }

    # To make sure http users don't see ssl warning
    hash_data(req.http./* {{ ssl_offloaded_header }} */);

    /* {{ design_exceptions_code }} */

    if (req.url ~ "/graphql") {
        call process_graphql_headers;
    }
 }

 sub process_graphql_headers {
    if (req.http.X-Magento-Cache-Id) {
        hash_data(req.http.X-Magento-Cache-Id);

        # When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
        if (req.http.Authorization ~ "^Bearer") {
            hash_data("Authorized");
        }
    }

    hash_data(req.http.Store);

    hash_data(req.http.Content-Currency);
 }

 sub vcl_backend_response {

    set beresp.grace = 3d;

    if (beresp.http.content-type ~ "text") {
        set beresp.do_esi = true;
    }

    if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
        set beresp.do_gzip = true;
    }

    if (beresp.http.X-Magento-Debug) {
        set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
    }

    # cache only successfully responses and 404s that are not marked as private
    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "private") {
        set beresp.uncacheable = true;
        set beresp.ttl = 86400s;
        return (deliver);
    }

    # validate if we need to cache it and prevent from setting cookie
    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
        unset beresp.http.set-cookie;
    }

    # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
    if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
       set beresp.ttl = 120s;
       set beresp.uncacheable = true;
       return (deliver);
    }
 }

 sub vcl_deliver {
    if (obj.uncacheable) {
        set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
    } else if (obj.hits) {
        set resp.http.X-Magento-Cache-Debug = "HIT";
        set resp.http.Grace = req.http.grace;
    } else {
        set resp.http.X-Magento-Cache-Debug = "MISS";
    }

    # Not letting browser to cache non-static files.
    if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "-1";
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
    }

    if (!resp.http.X-Magento-Debug) {
        unset resp.http.Age;
    }
    unset resp.http.X-Magento-Debug;
    unset resp.http.X-Magento-Tags;
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
 }

 sub vcl_hit {
    if (obj.ttl >= 0s) {
        # Hit within TTL period
        return (deliver);
    }
    if (std.healthy(req.backend_hint)) {
        if (obj.ttl + /* {{ grace_period }} */s > 0s) {
            # Hit after TTL expiration, but within grace period
            set req.http.grace = "normal (healthy server)";
            return (deliver);
        } else {
            # Hit after TTL and grace expiration
            return (restart);
        }
    } else {
        # server is not healthy, retrieve from cache
        set req.http.grace = "unlimited (unhealthy server)";
        return (deliver);
    }
 }
	Combined PR's into optimized VCL file:
	1. https://github.com/magento/magento2/pull/29360
	2. https://github.com/magento/magento2/pull/28944
	3. https://github.com/magento/magento2/pull/28894
	4. https://github.com/magento/magento2/pull/35228
	5. https://github.com/magento/magento2/pull/36524
	6. https://github.com/magento/magento2/pull/34323

	@package magento/module-page-cache
	@version 100.4.5
	@level 0

	diff --git etc/varnish6.vcl etc/varnish6.vcl
	index 16dd950..468330c 100644
	--- etc/varnish6.vcl
	+++ etc/varnish6.vcl
	@@ -10,7 +10,7 @@ backend default {
	.port = "/* {{ port }} */";
	.first_byte_timeout = 600s;
	.probe = {
	- .url = "/pub/health_check.php";
	+ .url = "/health_check.php";
	.timeout = 2s;
	.interval = 5s;
	.window = 10;
	@@ -81,24 +81,9 @@ sub vcl_recv {
	# collect all cookies
	std.collect(req.http.Cookie);

	- # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
	- if (req.http.Accept-Encoding) {
	- if (req.url ~ "\.(jpg\|jpeg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg\|swf\|flv)$") {
	- # No point in compressing these
	- unset req.http.Accept-Encoding;
	- } elsif (req.http.Accept-Encoding ~ "gzip") {
	- set req.http.Accept-Encoding = "gzip";
	- } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
	- set req.http.Accept-Encoding = "deflate";
	- } else {
	- # unknown algorithm
	- unset req.http.Accept-Encoding;
	- }
	- }
	-
	# Remove all marketing get parameters to minimize the cache objects
	- if (req.url ~ "(\?\|&)(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	- set req.url = regsuball(req.url, "(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	+ if (req.url ~ "(\?\|&)(gclid\|cx\|_kx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	+ set req.url = regsuball(req.url, "(gclid\|cx\|_kx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	set req.url = regsub(req.url, "[?\|&]+$", "");
	}

	@@ -127,9 +112,8 @@ sub vcl_hash {
	}

	# To make sure http users don't see ssl warning
	- if (req.http./* {{ ssl_offloaded_header }} */) {
	- hash_data(req.http./* {{ ssl_offloaded_header }} */);
	- }
	+ hash_data(req.http./* {{ ssl_offloaded_header }} */);
	+
	/* {{ design_exceptions_code }} */

	if (req.url ~ "/graphql") {
	@@ -147,13 +131,9 @@ sub process_graphql_headers {
	}
	}

	- if (req.http.Store) {
	- hash_data(req.http.Store);
	- }
	+ hash_data(req.http.Store);

	- if (req.http.Content-Currency) {
	- hash_data(req.http.Content-Currency);
	- }
	+ hash_data(req.http.Content-Currency);
	}

	sub vcl_backend_response {
	@@ -173,9 +153,7 @@ sub vcl_backend_response {
	}

	# cache only successfully responses and 404s that are not marked as private
	- if (beresp.status != 200 &&
	- beresp.status != 404 &&
	- beresp.http.Cache-Control ~ "private") {
	+ if ((beresp.status != 200 && beresp.status != 404) \|\| beresp.http.Cache-Control ~ "private") {
	set beresp.uncacheable = true;
	set beresp.ttl = 86400s;
	return (deliver);
	@@ -186,28 +164,18 @@ sub vcl_backend_response {
	unset beresp.http.set-cookie;
	}

	- # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
	- if (beresp.ttl <= 0s \|\|
	- beresp.http.Surrogate-control ~ "no-store" \|\|
	- (!beresp.http.Surrogate-Control &&
	- beresp.http.Cache-Control ~ "no-cache\|no-store") \|\|
	- beresp.http.Vary == "*") {
	- # Mark as Hit-For-Pass for the next 2 minutes
	- set beresp.ttl = 120s;
	- set beresp.uncacheable = true;
	- }
	-
	- # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
	- if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
	- set beresp.ttl = 0s;
	- set beresp.uncacheable = true;
	- }
	-
	- return (deliver);
	+ # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
	+ if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
	+ set beresp.ttl = 120s;
	+ set beresp.uncacheable = true;
	+ return (deliver);
	+ }
	}

	sub vcl_deliver {
	- if (resp.http.x-varnish ~ " ") {
	+ if (obj.uncacheable) {
	+ set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
	+ } else if (obj.hits) {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	sub vcl_deliver {
	- if (resp.http.x-varnish ~ " ") {
	+ if (obj.uncacheable) {
	+ set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
	+ } else if (obj.hits) {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	# VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
	vcl 4.0;

	import std;
	# The minimal Varnish version is 6.0
	# For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https'

	backend default {
	.host = "/* {{ host }} */";
	.port = "/* {{ port }} */";
	.first_byte_timeout = 600s;
	.probe = {
	.url = "/health_check.php";
	.timeout = 2s;
	.interval = 5s;
	.window = 10;
	.threshold = 5;
	}
	}

	acl purge {
	/* {{ ips }} */
	}

	sub vcl_recv {
	if (req.restarts > 0) {
	set req.hash_always_miss = true;
	}

	if (req.method == "PURGE") {
	if (client.ip !~ purge) {
	return (synth(405, "Method not allowed"));
	}
	# To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
	# has been added to the response in your backend server config. This is used, for example, by the
	# capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
	if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
	return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
	}
	if (req.http.X-Magento-Tags-Pattern) {
	ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
	}
	if (req.http.X-Pool) {
	ban("obj.http.X-Pool ~ " + req.http.X-Pool);
	}
	return (synth(200, "Purged"));
	}

	if (req.method != "GET" &&
	req.method != "HEAD" &&
	req.method != "PUT" &&
	req.method != "POST" &&
	req.method != "TRACE" &&
	req.method != "OPTIONS" &&
	req.method != "DELETE") {
	/* Non-RFC2616 or CONNECT which is weird. */
	return (pipe);
	}

	# We only deal with GET and HEAD by default
	if (req.method != "GET" && req.method != "HEAD") {
	return (pass);
	}

	# Bypass health check requests
	if (req.url ~ "^/(pub/)?(health_check.php)$") {
	return (pass);
	}

	# Set initial grace period usage status
	set req.http.grace = "none";

	# normalize url in case of leading HTTP scheme and domain
	set req.url = regsub(req.url, "^http[s]?://", "");

	# collect all cookies
	std.collect(req.http.Cookie);

	# Remove all marketing get parameters to minimize the cache objects
	if (req.url ~ "(\?\|&)(gclid\|cx\|_kx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	set req.url = regsuball(req.url, "(gclid\|cx\|_kx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	set req.url = regsub(req.url, "[?\|&]+$", "");
	}

	# Static files caching
	if (req.url ~ "^/(pub/)?(media\|static)/") {
	# Static files should not be cached by default
	return (pass);

	# But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
	#unset req.http.Https;
	#unset req.http./* {{ ssl_offloaded_header }} */;
	#unset req.http.Cookie;
	}

	# Bypass authenticated GraphQL requests without a X-Magento-Cache-Id
	if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {
	return (pass);
	}

	return (hash);
	}

	sub vcl_hash {
	if ((req.url !~ "/graphql" \|\| !req.http.X-Magento-Cache-Id) && req.http.cookie ~ "X-Magento-Vary=") {
	hash_data(regsub(req.http.cookie, "^.?X-Magento-Vary=([^;]+);.*$", "\1"));
	}

	# To make sure http users don't see ssl warning
	hash_data(req.http./* {{ ssl_offloaded_header }} */);

	/* {{ design_exceptions_code }} */

	if (req.url ~ "/graphql") {
	call process_graphql_headers;
	}
	}

	sub process_graphql_headers {
	if (req.http.X-Magento-Cache-Id) {
	hash_data(req.http.X-Magento-Cache-Id);

	# When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
	if (req.http.Authorization ~ "^Bearer") {
	hash_data("Authorized");
	}
	}

	hash_data(req.http.Store);

	hash_data(req.http.Content-Currency);
	}

	sub vcl_backend_response {

	set beresp.grace = 3d;

	if (beresp.http.content-type ~ "text") {
	set beresp.do_esi = true;
	}

	if (bereq.url ~ "\.js$" \|\| beresp.http.content-type ~ "text") {
	set beresp.do_gzip = true;
	}

	if (beresp.http.X-Magento-Debug) {
	set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
	}

	# cache only successfully responses and 404s that are not marked as private
	if ((beresp.status != 200 && beresp.status != 404) \|\| beresp.http.Cache-Control ~ "private") {
	set beresp.uncacheable = true;
	set beresp.ttl = 86400s;
	return (deliver);
	}

	# validate if we need to cache it and prevent from setting cookie
	if (beresp.ttl > 0s && (bereq.method == "GET" \|\| bereq.method == "HEAD")) {
	unset beresp.http.set-cookie;
	}

	# If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
	if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
	set beresp.ttl = 120s;
	set beresp.uncacheable = true;
	return (deliver);
	}
	}

	sub vcl_deliver {
	if (obj.uncacheable) {
	set resp.http.X-Magento-Cache-Debug = "UNCACHEABLE";
	} else if (obj.hits) {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	set resp.http.X-Magento-Cache-Debug = "MISS";
	}

	# Not letting browser to cache non-static files.
	if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media\|static)/") {
	set resp.http.Pragma = "no-cache";
	set resp.http.Expires = "-1";
	set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
	}

	if (!resp.http.X-Magento-Debug) {
	unset resp.http.Age;
	}
	unset resp.http.X-Magento-Debug;
	unset resp.http.X-Magento-Tags;
	unset resp.http.X-Powered-By;
	unset resp.http.Server;
	unset resp.http.X-Varnish;
	unset resp.http.Via;
	unset resp.http.Link;
	}

	sub vcl_hit {
	if (obj.ttl >= 0s) {
	# Hit within TTL period
	return (deliver);
	}
	if (std.healthy(req.backend_hint)) {
	if (obj.ttl + /* {{ grace_period }} */s > 0s) {
	# Hit after TTL expiration, but within grace period
	set req.http.grace = "normal (healthy server)";
	return (deliver);
	} else {
	# Hit after TTL and grace expiration
	return (restart);
	}
	} else {
	# server is not healthy, retrieve from cache
	set req.http.grace = "unlimited (unhealthy server)";
	return (deliver);
	}
	}