patch_cache_control should special case "no-cache"

[thenewguy]

From my cursory reading of ​http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, it looks like patch_cache_control needs to special case "no-cache".

no-cache
If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.
If the no-cache directive does specify one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, the specified field-name(s) MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response.

For example, to integrate a site that uses "Vary: Cookie" with AWS CloudFront, one must use 'Cache-Control: no-cache="Set-Cookie"' if a response does not vary by cookie. (I've confirmed this with AWS support as of 10/31/2014).

patch_cache_control does not treat "no-cache" as a list. If you call patch_cache_control(response, no_cache="Set-Cookie") and then patch_cache_control(response, no_cache="foo"), you end up with 'Cache-Control: no-cache="foo"'

Also, no_cache=True should take precedence over no_cache="foo" regardless of the order it is applied.

I found Ticket https://code.djangoproject.com/ticket/13008 which proposes to add "no-cache" to @never_cache. Just wanted to link it here since they are related.