#30701: Django generates overly verbose and possibly invalid Vary headers
-----------------------------------------+------------------------
               Reporter:  Alexander-TX   |          Owner:  nobody
                   Type:  Bug            |         Status:  new
              Component:  HTTP handling  |        Version:  2.2
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  1
                  UI/UX:  0              |
-----------------------------------------+------------------------
 The function "patch_vary_headers" simply appends new headers to the list. If
 view code sets the Vary header to an asterisk, the resulting header (after
 applying SessionMiddleware and LocaleMiddleware) looks like this:

 {{{
 Vary: *, Accept-Language, Cookie
 }}}

 This is unnecessary and possibly violates the HTTP spec:

 {{{
 The "Vary" header field in a response describes what parts of a
    request message, aside from the method, Host header field, and
    request target, might influence the origin server's process for
    selecting and representing this response.  The value consists of
    either a single asterisk ("*") or a list of header field names
    (case-insensitive).

      Vary = "*" / 1#field-name
 }}}

 (from https://tools.ietf.org/html/rfc7231#page-70)

 I am using Django to implement a REST API, so I'd like it to speak robust
 HTTP that works with all present and future caching libraries, even if
 widely used browsers and Nginx can correctly interpret the current form of
 the header.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30701>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
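
The append-only merge reported in the ticket, next to a merge that stays within the quoted grammar (Vary = "*" / 1#field-name). This is an added example, not Django's code or a patch from the ticket; the function names, the plain dict standing in for a response, and the simulated call order are assumptions made for illustration.

```python
import re

# Splits a comma-separated header value, tolerating optional whitespace.
_COMMA_SPLIT = re.compile(r"\s*,\s*")


def _split(value):
    return [v for v in _COMMA_SPLIT.split(value.strip()) if v]


def naive_patch_vary(headers, newheaders):
    """Append-only merge, the behaviour the ticket describes."""
    current = _split(headers.get("Vary", ""))
    seen = {h.lower() for h in current}
    current += [h for h in newheaders if h.lower() not in seen]
    headers["Vary"] = ", ".join(current)
    return headers["Vary"]


def strict_patch_vary(headers, newheaders):
    """Merge that keeps the value within Vary = "*" / 1#field-name."""
    merged, seen = [], set()
    for name in _split(headers.get("Vary", "")) + list(newheaders):
        if name == "*":
            # "*" already covers every request header; the grammar does
            # not allow field names to be listed next to it.
            headers["Vary"] = "*"
            return "*"
        if name.lower() not in seen:  # field names are case-insensitive
            seen.add(name.lower())
            merged.append(name)
    if merged:
        headers["Vary"] = ", ".join(merged)
    return headers.get("Vary", "")


def simulate(patch, view_vary):
    """Constructed scenario: a view sets Vary, then two middleware-like
    steps add Accept-Language and Cookie (order chosen to match the
    header shown in the ticket)."""
    headers = {"Vary": view_vary} if view_vary else {}
    patch(headers, ["Accept-Language"])
    patch(headers, ["Cookie"])
    return headers.get("Vary", "")
```
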
