Verify cache-busting param during segment prefetch (#79563)

Not all CDNs respect the Vary header when caching. We must assume that
only the URL is used to vary the responses. The Next client computes a
hash of the header values and sends it as a search param.

Before responding to a request, we must verify that the hash matches the
expected value. Neglecting to do this properly can lead to cache
poisoning attacks on certain CDNs.

In this initial PR, the verification I've added only runs during per-
segment prefetch requests, since those are the only ones that both vary
on a custom header and are also cacheable. But for safety, we should run
this verification for all requests, once we confirm the behavior is
correct. Will need to update our test suite, since there are a handful
of unit tests that send fetch requests with custom headers but without a
corresponding cache-busting search param.

It would be even better if we stopped using custom request headers, and
instead fully encoded everything into the search param. At least for
cacheable requests.
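
The check described in the commit message above, as an added sketch that is not taken from the Next.js code base: the client hashes the header values into a search param, and the server recomputes the hash from the headers it received and compares before responding. The header names, the `_cb` param name and the FNV-1a hash are assumptions chosen for illustration.

```javascript
// Hypothetical names for illustration; not the identifiers Next.js uses.
const VARY_HEADERS = ['x-example-prefetch', 'x-example-segment', 'x-example-state'];
const CACHE_BUST_PARAM = '_cb';

// FNV-1a (32-bit): a stand-in hash. It is not a secret or a MAC; its job is
// only to make the URL (the CDN cache key) change whenever the headers change.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(36);
}

// Shared by client and server. Values are length-prefixed so that different
// header combinations cannot serialize to the same string.
function computeCacheBustingParam(headers) {
  const parts = VARY_HEADERS.map((name) => {
    const value = headers[name];
    return value === undefined ? '-' : `${value.length}:${value}`;
  });
  return fnv1a(parts.join('|'));
}

// Client: put the hash of the header values into the URL.
function withCacheBustingParam(url, headers) {
  const u = new URL(url);
  u.searchParams.set(CACHE_BUST_PARAM, computeCacheBustingParam(headers));
  return u.toString();
}

// Server: recompute from the headers actually received and compare with the
// URL before responding, so a response is only ever cached under a URL that
// matches the headers that produced it.
function verifyCacheBustingParam(url, headers) {
  const received = new URL(url).searchParams.getAll(CACHE_BUST_PARAM);
  if (received.length === 0) return { ok: false, reason: 'missing' };
  if (received.length > 1) return { ok: false, reason: 'duplicate' };
  if (received[0] !== computeCacheBustingParam(headers)) {
    return { ok: false, reason: 'mismatch' };
  }
  return { ok: true, reason: null };
}

// Constructed sample request.
const sampleHeaders = { 'x-example-prefetch': '1', 'x-example-segment': '/blog/post' };
const sampleUrl = withCacheBustingParam('https://example.test/blog?page=2', sampleHeaders);
console.log(verifyCacheBustingParam(sampleUrl, sampleHeaders));
console.log(verifyCacheBustingParam(sampleUrl, { ...sampleHeaders, 'x-example-segment': '/other' }));
```

What the server does with a failed check (error response, redirect to the corrected URL, or an uncacheable response) is left to the caller here.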