id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
13008	@never_cache decorator should add  'no-cache' & 'no-store'	harm	Markus Bertheau	"I noticed that the never_cache {{{ django/views/decorators/cache.py }}}  does not add all the proper http headers to prevent that a page is cached.
It just adds a max-age=0.  This does _not_ prevent browsers to actually cache that page.
For example when hitting back, firefox will happily show such a page if the connection to the server disappeared.

proposal, let never_cache() act as advertised: '''never''' cache. Let it  add 'no-cache, must-revalidate' to the http response.

something like: {{{ }}}
{{{
#!python
--- virtualenv/src/django/django/utils/cache.py 2010-03-02 15:11:54.000000000 +0100
+++ /tmp/cache.py       2010-03-02 15:11:48.000000000 +0100
@@ -104,6 +104,8 @@
         cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
     if cache_timeout < 0:
         cache_timeout = 0 # Can't have max-age negative
+        patch_cache_control(response, no_cache=True)
+        patch_cache_control(response, must_revalidate=True)
     if not response.has_header('ETag'):
         response['ETag'] = '""%s""' % md5_constructor(response.content).hexdigest()
     if not response.has_header('Last-Modified'):

}}}"	Bug	closed	Core (Cache system)	dev	Normal	fixed		Oliver Beattie net147	Ready for checkin	1	0	0	0	0	0