On Oct 21, 9:17 pm, Jim Dalton wrote:
> On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote:
>
> > I do not know nearly enough about caching to participate fully in this
> > discussion. But it strikes me that the attempt to have CSRF protected
> > anonymous page cached is not that smart. If you
I think for the moment, the easy fix for anonymous forms it either to
put them on a different page or
to load them with ajax.
This way the forms and thus the tokens gets generated only when
needed.
If caching and performances are a big concern, I think those
alternative are win/win solutions.
Yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/21/2011 07:02 AM, Jim Dalton wrote:
> 1. Fixing #9249 and #15855. I hear your philosophical concerns about
> #9249 but the ubiquity of Google Analytics means we must do fine some
> way to fix it (IMO). Addressing these two tickets would at least
On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote:
> I do not know nearly enough about caching to participate fully in this
> discussion. But it strikes me that the attempt to have CSRF protected
> anonymous page cached is not that smart. If you have an anonymous submittable
> form, why bothe
oglegroups.com [django-developers@googlegroups.com]
On Behalf Of Jim Dalton [jim.dal...@gmail.com]
Sent: Friday, October 21, 2011 16:02
To: django-developers@googlegroups.com
Subject: Re: The state of per-site/per-view middleware caching in Django
On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote:
On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi Jim,
>
> This is a really useful summary of the current state of things, thanks
> for putting it together.
>
> Re the anonymous/authenticated issue, CSRF token, and Google Analytics
> cookies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Jim,
This is a really useful summary of the current state of things, thanks
for putting it together.
Re the anonymous/authenticated issue, CSRF token, and Google Analytics
cookies, it all boils down to the same root issue. And Niran is right,
what
Hi...
For PyLucid i made a simple cache middleware [1] simmilar to Django per-site
cache middleware [2]. But i doesn't vary on Cookies and don't cache cookies. I
simply cache only the response content.
Of course: This doesn't solve the problem if "csrfmiddlewaretoken" in content.
Here some p
On Oct 20, 2011, at 10:26 AM, Niran Babalola wrote:
> This problem is inherent to page caching. Workarounds to avoid varying
> by cookie for anonymous users are conceptually incorrect. If a single
> URL can give different responses depending on who's viewing it, then
> it varies by cookie. Prevent
On Thu, Oct 20, 2011 at 7:45 AM, Jim Dalton wrote:
> There
> is still an exceptionally narrow set of circumstances that would allow me to
> serve a single cached page to all anonymous visitors to my site: namely, I
> can't touch request.user and I can't use CSRF.
This problem is inherent to page
10 matches
Mail list logo
