Changes between Initial Version and Version 1 of Ticket #23939
Timestamp: Nov 30, 2014, 3:42:45 PM (10 years ago)
Ticket #23939 – Description
Line 1 (unmodified): Setting a "Vary: Cookie" header when unnecessary is bad for reasons described in e.g. #3586, #6552. It seems that the recently-introduced and on-by-default SessionAuthenticationMiddleware causes this header to always be set. This seems to be caused by the `hasattr(user, 'get_session_auth_hash')` check here: https://github.com/django/django/blob/1.7.1/django/contrib/auth/middleware.py#L34.

Line 3 (initial): To reproduce: start a new empty project with django-admin.py, request the index page, and see that the Vary: Cookie header is present. Commenting-out the middleware's line in settings.py causes the header to no longer be sent.

Line 3 (v1): To reproduce: start a new empty project with django-admin.py, request the index page, and see that the Vary: Cookie header is present. Commenting-out the middleware's line in settings.py causes the header to disappear.

Line 5 (initial): It might be good to add a test verifying that the above steps never set a Vary: Cookie header.

Line 5 (v1): It might be good to add a general test case verifying that the above steps never set a Vary: Cookie header.
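An added illustration, not part of the ticket and not Django's code: a simplified model of why a `hasattr()` check on the request's user can make every response carry `Vary: Cookie`. It assumes the user object is loaded lazily from the session and that the header is added whenever the session was read; `Session`, `LazyUser`, `load_user` and `handle_request` are hypothetical stand-ins.

```python
# Simplified model (assumption): stand-ins for a lazily loaded request.user
# and a session that records reads. None of these classes are Django's own.

class Session(dict):
    """Session store that remembers whether anything read it."""
    accessed = False

    def get(self, key, default=None):
        self.accessed = True
        return super().get(key, default)


class AnonymousUser:
    """User with no get_session_auth_hash attribute."""


class LazyUser:
    """Defers loading the real user until the first attribute lookup."""

    def __init__(self, loader):
        self._loader = loader
        self._wrapped = None

    def __getattr__(self, name):
        # Reached only for names not set in __init__, i.e. user attributes.
        if self._wrapped is None:
            self._wrapped = self._loader()
        return getattr(self._wrapped, name)


def load_user(session):
    session.get("_auth_user_id")  # constructed key; the read marks the session
    return AnonymousUser()


def handle_request(check_auth_hash):
    """Return the response headers for an anonymous request with no cookies."""
    session = Session()
    user = LazyUser(lambda: load_user(session))
    if check_auth_hash:
        # The check named in the ticket: hasattr() is an attribute lookup,
        # so it forces the lazy user to load, which reads the session.
        hasattr(user, "get_session_auth_hash")
    headers = {}
    if session.accessed:
        headers["Vary"] = "Cookie"
    return headers
```

With the check enabled the header appears even though the view never touched the user or the session, which is the behaviour the reproduction steps describe.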