Changes between Initial Version and Version 3 of Ticket #4994


Ignore:
Timestamp:
10/12/2016 12:37:59 PM (3 years ago)
Author:
Tim Graham
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #4994

    • Property Status changed from new to closed
    • Property Severity changed from to Normal
    • Property Resolution changed from to fixed
    • Property Easy pickings unset
    • Property UI/UX unset
    • Property Type changed from to Bug
    • Property Triage Stage changed from Unreviewed to Ready for checkin
  • Ticket #4994 – Description

    initial v3  
    11The CommonMiddleware functionality generates a new HTTP Response object (304) when the E-Tag matches.  This new response does not include the Set-Cookie header, which then breaks the login page from django.contrib.auth.views.login.
    22
    3 This also violates the Cookie specification (see [http://wp.netscape.com/newsref/std/cookie_spec.html]): If a proxy server receives a response which contains a Set-cookie header, it should propagate the Set-cookie header to the client, regardless of whether the response was 304 (Not Modified) or 200 (OK).
     3This also violates [https://curl.haxx.se/rfc/cookie_spec.html the Cookie specification]: If a proxy server receives a response which contains a Set-cookie header, it should propagate the Set-cookie header to the client, regardless of whether the response was 304 (Not Modified) or 200 (OK).
     4
     5Apache has [https://bz.apache.org/bugzilla/show_bug.cgi?id=18388 similar behavior].
    46
    57The attached patch solves this by moving any set cookies over into the new response object.
Back to Top