Changes between Initial Version and Version 1 of Ticket #23939


Timestamp: Nov 30, 2014, 3:42:45 PM (9 years ago)
Author: Andrew Badr
  • Ticket #23939 – Description

    initial v1  
    11Setting a "Vary: Cookie" header when unnecessary is bad for reasons described in e.g. #3586, #6552. It seems that the recently-introduced and on-by-default SessionAuthenticationMiddleware causes this header to always be set. This seems to be caused by the `hasattr(user, 'get_session_auth_hash')` check here: https://github.com/django/django/blob/1.7.1/django/contrib/auth/middleware.py#L34.
    22
    3 To reproduce: start a new empty project with django-admin.py, request the index page, and see that the Vary: Cookie header is present. Commenting-out the middleware's line in settings.py causes the header to no longer be sent.
     3To reproduce: start a new empty project with django-admin.py, request the index page, and see that the Vary: Cookie header is present. Commenting-out the middleware's line in settings.py causes the header to disappear.
    44
    5 It might be good to add a test verifying that the above steps never set a Vary: Cookie header.
     5It might be good to add a general test case verifying that the above steps never set a Vary: Cookie header.