#15855: cache_page decorator bypasses any Vary headers set in middleware
-------------------------------------+-------------------------------------
Reporter: carljm | Owner: nobody
Type: Bug | Status: new
Milestone: | Component: Core (Cache system)
Version: | Severity: Normal
Resolution: | Keywords:
Triage Stage: Design | Has patch: 1
decision needed | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by lukeplant):
It still hasn't been explained **why** `@vary_on_cookie` and `@cache_page`
don't work with CSRF pages. Idan had a sentence that looked like it was
about to explain it and then stopped. I'm guessing it is do with the
cookie being set by the middleware **after** the page has been cached.
Would the documentation be fixed by adding `@csrf_protect` into the stack
of decorators?
--
Ticket URL: <https://code.djangoproject.com/ticket/15855#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
