views,middleware: do not ever cache responses containing an LTPA cookie
parent
ae7ba50a19
commit
5527a4c9a6
|
@ -1,8 +1,13 @@
|
|||
from django.utils.cache import patch_cache_control
|
||||
|
||||
from . import views
|
||||
|
||||
class LTPAMiddleware(object):
|
||||
def process_response(self, request, response):
|
||||
if request.path == '/' or request.path == '/login/':
|
||||
views.add_ltpa_token_to_response(request, response)
|
||||
# prevent client side caching
|
||||
patch_cache_control(response, no_cache=True, no_store=True,
|
||||
must_revalidate=True)
|
||||
return response
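Review bot: The comment `# prevent client side caching` understates what the `patch_cache_control(...)` call below it is for. `no_store` also applies to shared proxies, and a stored response carrying the LTPA `Set-Cookie` could be replayed to another user. I would word it as `# never let browsers or shared caches store a response that sets the LTPA cookie`. Indentation is lost on this page, so I cannot tell whether the call sits under the `if request.path == ...` test. If it does not, it disables caching for every response passing through the middleware, which is worth confirming as intended.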
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ import urlparse
|
|||
from django.core.exceptions import ImproperlyConfigured
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.conf import settings
|
||||
from django.views.decorators.cache import cache_control
|
||||
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
|
@ -28,6 +29,7 @@ def add_ltpa_token_to_response(request, response):
|
|||
request.session['ltpa'] = True
|
||||
|
||||
@login_required
|
||||
@cache_control(no_cache=True, not_store=True, must_revalidate=True)
|
||||
def ltpa(request):
|
||||
'''Ask for authentication then generate a cookie'''
|
||||
next_url = request.REQUEST[REDIRECT_FIELD_NAME]
|
||||
|
@ -35,6 +37,7 @@ def ltpa(request):
|
|||
add_ltpa_token_to_response(request, response)
|
||||
return response
|
||||
|
||||
@cache_control(no_cache=True, not_store=True, must_revalidate=True)
|
||||
def logout(request):
|
||||
next_url = urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png')
|
||||
response = HttpResponseRedirect(next_url)
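Review bot: The decorator on `ltpa` and on `logout` passes `not_store=True`, which looks like a typo for `no_store`. Django's `cache_control` turns keyword underscores into hyphens, so these views would emit a `not-store` directive that caches ignore. `no-cache` and `must-revalidate` are still sent, but they only force revalidation; a browser or proxy may still write the response, including the LTPA cookie, to its store. Both decorators should read `@cache_control(no_cache=True, no_store=True, must_revalidate=True)`, matching the spelling used in the middleware call.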
|
||||
|
|