FIX: Strip `discourse-logged-in` header during `force_anonymous!` (#14533)

FIX: Strip discourse-logged-in header during force_anonymous! (#14533)

When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained.

When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ‘logged out’, and a discourse-logged-out header is returned to the client. This causes the JS app to popup a “you were logged out” modal, which is very disruptive.

This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.

diff --git a/lib/middleware/anonymous_cache.rb b/lib/middleware/anonymous_cache.rb
index 9fe8c8c..a62fb01 100644
--- a/lib/middleware/anonymous_cache.rb
+++ b/lib/middleware/anonymous_cache.rb
@@ -171,6 +171,7 @@ module Middleware
       def force_anonymous!
         @env[Auth::DefaultCurrentUserProvider::USER_API_KEY] = nil
         @env['HTTP_COOKIE'] = nil
+        @env['HTTP_DISCOURSE_LOGGED_IN'] = nil
         @env['rack.request.cookie.hash'] = {}
         @env['rack.request.cookie.string'] = ''
         @env['_bypass_cache'] = nil
diff --git a/spec/components/middleware/anonymous_cache_spec.rb b/spec/components/middleware/anonymous_cache_spec.rb
index c9ad5b5..e0b23c8 100644
--- a/spec/components/middleware/anonymous_cache_spec.rb
+++ b/spec/components/middleware/anonymous_cache_spec.rb
@@ -186,7 +186,7 @@ describe Middleware::AnonymousCache do
 
       app = Middleware::AnonymousCache.new(
         lambda do |env|
-          is_anon = env["HTTP_COOKIE"].nil?
+          is_anon = env["HTTP_COOKIE"].nil? && env["HTTP_DISCOURSE_LOGGED_IN"].nil?
           [200, {}, ["ok"]]
         end
       )
@@ -196,6 +196,7 @@ describe Middleware::AnonymousCache do
 
       env = {
         "HTTP_COOKIE" => "_t=#{SecureRandom.hex}",
+        "HTTP_DISCOURSE_LOGGED_IN" => "true",
         "HOST" => "site.com",
         "REQUEST_METHOD" => "GET",
         "REQUEST_URI" => "/somewhere/rainbow",

GitHub sha: 7a52ce0d6dc6abbe206f650e5aa2fb4af1aab450