#23755: patch_cache_control should special case "no-cache"
-------------------------------+--------------------
Reporter: thenewguy | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
From my cursory reading of
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, it looks like
patch_cache_control needs to special case "no-cache".
{{{
no-cache
If the no-cache directive does not specify a field-name, then a cache MUST
NOT use the response to satisfy a subsequent request without successful
revalidation with the origin server. This allows an origin server to
prevent caching even by caches that have been configured to return stale
responses to client requests.
If the no-cache directive does specify one or more field-names, then a
cache MAY use the response to satisfy a subsequent request, subject to any
other restrictions on caching. However, the specified field-name(s) MUST
NOT be sent in the response to a subsequent request without successful
revalidation with the origin server. This allows an origin server to
prevent the re-use of certain header fields in a response, while still
allowing caching of the rest of the response.
}}}
For example, to integrate a site that uses "Vary: Cookie" with AWS
CloudFront, one must use 'Cache-Control: no-cache="Set-Cookie"' if a
response does not vary by cookie. (I've confirmed this with AWS support
as of 10/31/2014).
patch_cache_control does not treat "no-cache" as a list. If you call
patch_cache_control(response, no_cache="Set-Cookie") and then
patch_cache_control(response, no_cache="foo"), you end up with 'Cache-
Control: no-cache="foo"'
Also, no_cache=True should take precedence over no_cache="foo" regardless
of the order it is applied.
I found Ticket https://code.djangoproject.com/ticket/13008 which proposes
to add "no-cache" to @never_cache. Just wanted to link it here since they
are related.
--
Ticket URL: <https://code.djangoproject.com/ticket/23755>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/052.1725725f79f20a863018027a15917ed8%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
