From 06b059c36ae3fd8beebd69bafb57fac05891de59 Mon Sep 17 00:00:00 2001
From: Josh Hawkins <32435876+hawkeye217@users.noreply.github.com>
Date: Wed, 20 May 2026 07:29:37 -0500
Subject: [PATCH] fix admin response cache leak to non-admin users via nginx
 proxy_cache (#23261)

---
 docker/main/rootfs/usr/local/nginx/conf/nginx.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/main/rootfs/usr/local/nginx/conf/nginx.conf b/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
index 46241c5ab1..f6b0928eb9 100644
--- a/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
+++ b/docker/main/rootfs/usr/local/nginx/conf/nginx.conf
@@ -259,6 +259,7 @@ http {
             include proxy.conf;
 
             proxy_cache api_cache;
+            proxy_cache_key "$scheme$proxy_host$request_uri|$role|$groups|$user";
             proxy_cache_lock on;
             proxy_cache_use_stale updating;
             proxy_cache_valid 200 5s;