[1.1.X] Fixed #9163 - CsrfMiddleware needs to reset ETag header

Thanks to carljm for report and patch.

Backport of r11650 from trunk


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@11651 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Luke Plant 2009-10-24 11:27:59 +00:00
parent 84dac3aa82
commit 1f0266bd18
2 changed files with 13 additions and 7 deletions

@ -101,7 +101,13 @@ class CsrfResponseMiddleware(object):
"' /></div>") "' /></div>")
# Modify any POST forms # Modify any POST forms
response.content = _POST_FORM_RE.sub(add_csrf_field, response.content) response.content, n = _POST_FORM_RE.subn(add_csrf_field, response.content)
if n > 0:
# Since the content has been modified, any Etag will now be
# incorrect. We could recalculate, but only is we assume that
# the Etag was set by CommonMiddleware. The safest thing is just
# to delete. See bug #9163
del response['ETag']
return response return response
class CsrfMiddleware(CsrfViewMiddleware, CsrfResponseMiddleware): class CsrfMiddleware(CsrfViewMiddleware, CsrfResponseMiddleware):
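Review bot: `del response['ETag']` in the `if n > 0:` branch runs whether or not the response carries that header, so it relies on header deletion being a no-op for a missing key; if that is not guaranteed, guard it with `if response.has_header('ETag'):`. The comment above it has a typo ("only is we assume" should read "only if we assume"). The two changed files shown are the middleware and the documentation, so a regression test would be worth adding: a response containing a POST form with an ETag set should come back without the header, and a response with no POST form should keep its ETag.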

@ -22,12 +22,12 @@ middleware into your list of installed middleware.
How to use it How to use it
============= =============
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to your
your list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process
the response after the SessionMiddleware, so must come before it in the the response after the SessionMiddleware, so must come before it in the list. It
list. It also must process the response before things like compression also must process the response before things like compression or setting of
happen to the response, so it must come after GZipMiddleware in the ETags happen to the response, so it must come after GZipMiddleware,
list. CommonMiddleware and ConditionalGetMiddleware in the list.
The ``CsrfMiddleware`` class is actually composed of two middleware: The ``CsrfMiddleware`` class is actually composed of two middleware:
``CsrfViewMiddleware`` which performs the checks on incoming requests, ``CsrfViewMiddleware`` which performs the checks on incoming requests,
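Review bot: The rewritten ordering paragraph, ending "so it must come after GZipMiddleware, CommonMiddleware and ConditionalGetMiddleware in the list", covers placement only and does not tell the reader that an ETag already present on the response is deleted when a POST form is rewritten. A view that sets its own ETag will lose it without any indication, so one sentence stating that behaviour, and that correct ordering lets the later middleware compute the ETag over the modified content, would make the paragraph complete.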