innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #9163 - CsrfMiddleware needs to reset ETag header 

Thanks to carljm for report and patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2009-10-24 10:45:58 +00:00
parent c44fdf6a1e
commit a02a6fab66
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
django/contrib/csrf/middleware.py
View File

@ -101,7 +101,13 @@ class CsrfResponseMiddleware(object):
"' /></div>") "' /></div>")
# Modify any POST forms # Modify any POST forms
response.content = _POST_FORM_RE.sub(add_csrf_field, response.content) response.content, n = _POST_FORM_RE.subn(add_csrf_field, response.content)
if n > 0:
# Since the content has been modified, any Etag will now be
# incorrect. We could recalculate, but only is we assume that
# the Etag was set by CommonMiddleware. The safest thing is just
# to delete. See bug #9163
del response['ETag']
return response return response
class CsrfMiddleware(CsrfViewMiddleware, CsrfResponseMiddleware): class CsrfMiddleware(CsrfViewMiddleware, CsrfResponseMiddleware):

12
docs/ref/contrib/csrf.txt
View File

@ -22,12 +22,12 @@ middleware into your list of installed middleware.
How to use it How to use it
============= =============
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to your
your list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process
the response after the SessionMiddleware, so must come before it in the the response after the SessionMiddleware, so must come before it in the list. It
list. It also must process the response before things like compression also must process the response before things like compression or setting of
happen to the response, so it must come after GZipMiddleware in the ETags happen to the response, so it must come after GZipMiddleware,
list. CommonMiddleware and ConditionalGetMiddleware in the list.
The ``CsrfMiddleware`` class is actually composed of two middleware: The ``CsrfMiddleware`` class is actually composed of two middleware:
``CsrfViewMiddleware`` which performs the checks on incoming requests, ``CsrfViewMiddleware`` which performs the checks on incoming requests,