[Django] #28833: "Cache-Control: private" responses should not be cached by server

Django

Nov 22, 2017, 5:51:31 PM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
-----------------------------------------------+------------------------
Reporter: Nathan Vander Wilt | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Cache system) | Version: 1.8
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------------+------------------------
If the "Cache-Control: private" directive is set on a response, it must
not be stored in a shared cache. Django's server-side caching system is a
shared cache, but stores such responses anyway.

A response such as

{{{
Cache-Control: private
Content-Type: text/plain

Here is your own special random number: 42
}}}

should be cacheable only by the user's own browser [more or less], but
Django currently reuses the response for subsequent requests from
''anyone''.


Some workarounds might be:

* use @never_cache or similar to ensure a max-age of 0 which **is**
respected by the cache middleware, but also prevents the user's own private
cache from storing
* make sure the response varies on something private to the user (i.e.
`Vary: Cookie`) in which case the entry will still be stored in a shared —
but now less accessible — manner

--
Ticket URL: <https://code.djangoproject.com/ticket/28833>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
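
The storage decision this ticket asks for, as an added example that is not part of the ticket and not Django's code: a model of a server-side cache keyed only by URL, run with and without a check for `Cache-Control: private`. `SharedCache`, `may_store_in_shared_cache` and the sample view are hypothetical names constructed for illustration.

```python
import re

# Added example, not Django's implementation. All names are hypothetical.
_DIRECTIVE = re.compile(r'([\w-]+)(?:\s*=\s*("[^"]*"|[^\s,]*))?')


def cache_control_directives(value):
    """Parse a Cache-Control value into {lowercased directive: argument or None}."""
    return {
        name.lower(): (arg.strip('"') if arg else None)
        for name, arg in _DIRECTIVE.findall(value)
    }


def may_store_in_shared_cache(headers):
    """Return False for responses a shared (server-side) cache must not store."""
    directives = cache_control_directives(headers.get("Cache-Control", ""))
    # The qualified form private="field" is treated like plain private:
    # refusing to store the whole response is the conservative choice.
    return "private" not in directives and "no-store" not in directives


class SharedCache:
    """Toy server-side cache keyed by URL only, shared by every user."""

    def __init__(self, honor_private):
        self.honor_private = honor_private
        self.entries = {}

    def fetch(self, url, user, view):
        if url in self.entries:
            return self.entries[url]  # served without calling the view
        response = view(user)
        if not self.honor_private or may_store_in_shared_cache(response[0]):
            self.entries[url] = response
        return response


def special_number_view(user):
    # Constructed response modelled on the ticket's sample.
    headers = {"Cache-Control": "private", "Content-Type": "text/plain"}
    return headers, f"Here is your own special random number, {user}"


def second_visitor_body(honor_private):
    """Body that 'bob' receives after 'alice' has requested the same URL."""
    cache = SharedCache(honor_private)
    cache.fetch("/number/", "alice", special_number_view)
    return cache.fetch("/number/", "bob", special_number_view)[1]
```
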

Django

Nov 22, 2017, 6:51:23 PM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
--------------------------------------+------------------------------------
Reporter: Nathan Vander Wilt | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Tim Graham):

* component: Core (Cache system) => HTTP handling
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:1>

Django

Nov 23, 2017, 9:09:41 PM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
-------------------------------------+-------------------------------------
Reporter: Nathan Vander Wilt | Owner: Srinivas Reddy Thatiparthy
Type: Cleanup/optimization | Status: assigned
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Srinivas Reddy Thatiparthy):

* owner: nobody => Srinivas Reddy Thatiparthy
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:2>

Django

Jan 4, 2018, 8:08:32 AM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
--------------------------------------+------------------------------------
Reporter: Nathan Vander Wilt | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------

Changes (by Srinivas Reddy Thatiparthy):

* owner: Srinivas Reddy Thatiparthy => (none)
* status: assigned => new


--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:3>

Django

Feb 5, 2018, 5:44:18 AM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
-------------------------------------+-------------------------------------
Reporter: Nathan Vander Wilt | Owner: shangdahao
Type: Cleanup/optimization | Status: assigned
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by shangdahao):

* owner: (none) => shangdahao
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:4>

Django

Feb 6, 2018, 1:19:25 AM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
-------------------------------------+-------------------------------------
Reporter: Nathan Vander Wilt | Owner: shangdahao
Type: Cleanup/optimization | Status: assigned
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by shangdahao):

* has_patch: 0 => 1


Comment:

[https://github.com/django/django/pull/9667 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:5>

Django

Feb 6, 2018, 10:01:02 AM
to django-...@googlegroups.com
#28833: "Cache-Control: private" responses should not be cached by server
-------------------------------------+-------------------------------------
Reporter: Nathan Vander Wilt | Owner: shangdahao
Type: Cleanup/optimization | Status: closed
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"d968788b57f41b7def88046d1178fd2932a32a4e" d968788b]:
{{{
#!CommitTicketReference repository=""
revision="d968788b57f41b7def88046d1178fd2932a32a4e"
Fixed #28833 -- Prevented CacheMiddleware from caching responses with
"Cache-Control: private".
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28833#comment:6>
