#15855: cache_page decorator bypasses any Vary headers set in middleware
-------------------------------------+-------------------------------------
Reporter: carljm | Owner: nobody
Type: Bug | Status: new
Milestone: | Component: Core (Cache system)
Version: | Severity: Normal
Resolution: | Keywords:
Triage Stage: Design | Has patch: 1
decision needed | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
-------------------------------------+-------------------------------------
Changes (by idangazit):
* has_patch: 0 => 1
* easy: => 0
Comment:
I just got bitten by this; the docs about mixing CSRF and per-view caching
are misleading. The `vary_on_cookie` decorator doesn't actually solve the
fact that te CSRF token which is placed in the template of a cached view.
Having sat with Russ, Alex, and Jannis on the matter, the conclusion is
that the docs are simply wrong, and bear updating. To that end, see
attached docs patch.
--
Ticket URL: <https://code.djangoproject.com/ticket/15855#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
