mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-25 19:29:14 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #36560 -- Prevented UpdateCacheMiddleware from caching responses with Cache-Control 'no-cache' or 'no-store'.

Browse Source
This commit is contained in:
mengxun 2025-08-19 15:40:37 +08:00 committed by Sarah Boyce
parent d3cf24e9b4
commit ed7c1a5640
2 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
django/middleware/cache.py
View File

@ -100,8 +100,17 @@ class UpdateCacheMiddleware(MiddlewareMixin):
): ):
return response return response
# Don't cache a response with 'Cache-Control: private' # Don't cache responses when the Cache-Control header is set to
if "private" in response.get("Cache-Control", ()): # private, no-cache, or no-store.
cache_control = response.get("Cache-Control", ())
if any(
directive in cache_control
for directive in (
"private",
"no-cache",
"no-store",
)
):
return response return response
# Page timeout takes precedence over the "max-age" and the default # Page timeout takes precedence over the "max-age" and the default

17
tests/cache/tests.py vendored
View File

@ -2731,15 +2731,20 @@ class CacheMiddlewareTest(SimpleTestCase):
) )
cache.clear() cache.clear()
def test_cached_control_private_not_cached(self): def test_cache_control_not_cached(self):
"""Responses with 'Cache-Control: private' are not cached.""" """
view_with_private_cache = cache_page(3)( Responses with 'Cache-Control: private/no-cache/no-store' are
cache_control(private=True)(hello_world_view) not cached.
"""
for cc in ("private", "no-cache", "no-store"):
with self.subTest(cache_control=cc):
view_with_cache = cache_page(3)(
cache_control(**{cc: True})(hello_world_view)
) )
request = self.factory.get("/view/") request = self.factory.get("/view/")
response = view_with_private_cache(request, "1") response = view_with_cache(request, "1")
self.assertEqual(response.content, b"Hello World 1") self.assertEqual(response.content, b"Hello World 1")
response = view_with_private_cache(request, "2") response = view_with_cache(request, "2")
self.assertEqual(response.content, b"Hello World 2") self.assertEqual(response.content, b"Hello World 2")
def test_sensitive_cookie_not_cached(self): def test_sensitive_cookie_not_cached(self):