#17313: Cache FetchMiddleware checks cache for auth despite UNAUTH_ONLY=True
-------------------------------------+--------------------
Reporter: subsume | Owner: nobody
Type: Bug | Status: new
Component: Core (Cache system) | Version:
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+--------------------
https://code.djangoproject.com/browser/django/trunk/django/middleware/cache.py#L133
The Fetch middleware makes no explicit check of its own to
settings.CACHE_MIDDLEWARE_UNAUTHENTICATED_ONLY. This results in a check to
the cache for the key. Currently, the only way it happens to work is
because the key created by django.utils.cache.get_cache_key happens to
cause a miss. If you use a simpler key which doesn't take into account the
users session, the key will not miss and authenticated users will get a
cached version despite the rather unambiguous setting.
Related to #17305 in the sense that this is another stumbling block for
people wanting to customize the Cache Middlewares.
--
Ticket URL: <https://code.djangoproject.com/ticket/17313>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
