From 28e23306aa53bbbb8fb87db85f99d970b051026c Mon Sep 17 00:00:00 2001
From: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon, 12 May 2014 09:46:22 -0400
Subject: [PATCH] [1.4.x] Dropped fix_IE_for_vary/attach.

This is a security fix. Disclosure following shortly.
---
 django/core/handlers/base.py        |  2 --
 django/http/utils.py                | 54 -----------------------------
 tests/regressiontests/utils/http.py | 44 -----------------------
 3 files changed, 100 deletions(-)

diff --git a/django/core/handlers/base.py b/django/core/handlers/base.py
index a0918bfc41..99f81a65be 100644
--- a/django/core/handlers/base.py
+++ b/django/core/handlers/base.py
@@ -14,8 +14,6 @@ class BaseHandler(object):
     response_fixes = [
         http.fix_location_header,
         http.conditional_content_removal,
-        http.fix_IE_for_attach,
-        http.fix_IE_for_vary,
     ]
 
     def __init__(self):
diff --git a/django/http/utils.py b/django/http/utils.py
index 01808648ba..f98ca93a37 100644
--- a/django/http/utils.py
+++ b/django/http/utils.py
@@ -31,57 +31,3 @@ def conditional_content_removal(request, response):
     if request.method == 'HEAD':
         response.content = ''
     return response
-
-def fix_IE_for_attach(request, response):
-    """
-    This function will prevent Django from serving a Content-Disposition header
-    while expecting the browser to cache it (only when the browser is IE). This
-    leads to IE not allowing the client to download.
-    """
-    useragent = request.META.get('HTTP_USER_AGENT', '').upper()
-    if 'MSIE' not in useragent and 'CHROMEFRAME' not in useragent:
-        return response
-
-    offending_headers = ('no-cache', 'no-store')
-    if response.has_header('Content-Disposition'):
-        try:
-            del response['Pragma']
-        except KeyError:
-            pass
-        if response.has_header('Cache-Control'):
-            cache_control_values = [value.strip() for value in
-                    response['Cache-Control'].split(',')
-                    if value.strip().lower() not in offending_headers]
-
-            if not len(cache_control_values):
-                del response['Cache-Control']
-            else:
-                response['Cache-Control'] = ', '.join(cache_control_values)
-
-    return response
-
-def fix_IE_for_vary(request, response):
-    """
-    This function will fix the bug reported at
-    http://support.microsoft.com/kb/824847/en-us?spid=8722&sid=global
-    by clearing the Vary header whenever the mime-type is not safe
-    enough for Internet Explorer to handle.  Poor thing.
-    """
-    useragent = request.META.get('HTTP_USER_AGENT', '').upper()
-    if 'MSIE' not in useragent and 'CHROMEFRAME' not in useragent:
-        return response
-
-    # These mime-types that are decreed "Vary-safe" for IE:
-    safe_mime_types = ('text/html', 'text/plain', 'text/sgml')
-
-    # The first part of the Content-Type field will be the MIME type,
-    # everything after ';', such as character-set, can be ignored.
-    mime_type = response.get('Content-Type', '').partition(';')[0]
-    if mime_type not in safe_mime_types:
-        try:
-            del response['Vary']
-        except KeyError:
-            pass
-
-    return response
-
diff --git a/tests/regressiontests/utils/http.py b/tests/regressiontests/utils/http.py
index 16c7daa32c..9e05a94118 100644
--- a/tests/regressiontests/utils/http.py
+++ b/tests/regressiontests/utils/http.py
@@ -56,50 +56,6 @@ class TestUtilsHttp(unittest.TestCase):
         ]
         self.assertTrue(result in acceptable_results)
 
-    def test_fix_IE_for_vary(self):
-        """
-        Regression for #16632.
-
-        `fix_IE_for_vary` shouldn't crash when there's no Content-Type header.
-        """
-
-        # functions to generate responses
-        def response_with_unsafe_content_type():
-            r = HttpResponse(content_type="text/unsafe")
-            r['Vary'] = 'Cookie'
-            return r
-
-        def no_content_response_with_unsafe_content_type():
-            # 'Content-Type' always defaulted, so delete it
-            r = response_with_unsafe_content_type()
-            del r['Content-Type']
-            return r
-
-        # request with & without IE user agent
-        rf = RequestFactory()
-        request = rf.get('/')
-        ie_request = rf.get('/', HTTP_USER_AGENT='MSIE')
-
-        # not IE, unsafe_content_type
-        response = response_with_unsafe_content_type()
-        utils.fix_IE_for_vary(request, response)
-        self.assertTrue('Vary' in response)
-
-        # IE, unsafe_content_type
-        response = response_with_unsafe_content_type()
-        utils.fix_IE_for_vary(ie_request, response)
-        self.assertFalse('Vary' in response)
-
-        # not IE, no_content
-        response = no_content_response_with_unsafe_content_type()
-        utils.fix_IE_for_vary(request, response)
-        self.assertTrue('Vary' in response)
-
-        # IE, no_content
-        response = no_content_response_with_unsafe_content_type()
-        utils.fix_IE_for_vary(ie_request, response)
-        self.assertFalse('Vary' in response)
-
     def test_base36(self):
         # reciprocity works
         for n in [0, 1, 1000, 1000000, sys.maxint]: