From 8975bba742151a6a3164d5c7df7d793f12a7c5c1 Mon Sep 17 00:00:00 2001
From: Malcolm Tredinnick <malcolm.tredinnick@gmail.com>
Date: Mon, 7 Jul 2008 01:45:19 +0000
Subject: [PATCH] Fixed #4148 -- Changed the way attachments are served to IE
 to avoid some caching and header-related bugs there. Only comes into play
 when Internet Explorer is the user-agent.

Patch from Michael Axiak, with testing from Axis_of_Entropy and Karen Tracey.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7856 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/core/handlers/base.py |  8 ++++--
 django/http/utils.py         | 51 ++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/django/core/handlers/base.py b/django/core/handlers/base.py
index 1fdd7c3d6b..21c71bf6b2 100644
--- a/django/core/handlers/base.py
+++ b/django/core/handlers/base.py
@@ -6,8 +6,12 @@ from django.dispatch import dispatcher
 
 class BaseHandler(object):
     # Changes that are always applied to a response (in this order).
-    response_fixes = [http.fix_location_header,
-            http.conditional_content_removal]
+    response_fixes = [
+        http.fix_location_header,
+        http.conditional_content_removal,
+        http.fix_IE_for_attach,
+        http.fix_IE_for_vary,
+    ]
 
     def __init__(self):
         self._request_middleware = self._view_middleware = self._response_middleware = self._exception_middleware = None
diff --git a/django/http/utils.py b/django/http/utils.py
index f98ca93a37..4dc05a2e33 100644
--- a/django/http/utils.py
+++ b/django/http/utils.py
@@ -31,3 +31,54 @@ def conditional_content_removal(request, response):
     if request.method == 'HEAD':
         response.content = ''
     return response
+
+def fix_IE_for_attach(request, response):
+    """
+    This function will prevent Django from serving a Content-Disposition header
+    while expecting the browser to cache it (only when the browser is IE). This
+    leads to IE not allowing the client to download.
+    """
+    if 'MSIE' not in request.META.get('HTTP_USER_AGENT', '').upper():
+        return response
+
+    offending_headers = ('no-cache', 'no-store')
+    if response.has_header('Content-Disposition'):
+        try:
+            del response['Pragma']
+        except KeyError:
+            pass
+        if response.has_header('Cache-Control'):
+            cache_control_values = [value.strip() for value in
+                    response['Cache-Control'].split(',')
+                    if value.strip().lower() not in offending_headers]
+
+            if not len(cache_control_values):
+                del response['Cache-Control']
+            else:
+                response['Cache-Control'] = ', '.join(cache_control_values)
+
+    return response
+
+def fix_IE_for_vary(request, response):
+    """
+    This function will fix the bug reported at
+    http://support.microsoft.com/kb/824847/en-us?spid=8722&sid=global
+    by clearing the Vary header whenever the mime-type is not safe
+    enough for Internet Explorer to handle.  Poor thing.
+    """
+    if 'MSIE' not in request.META.get('HTTP_USER_AGENT', '').upper():
+        return response
+
+    # These mime-types that are decreed "Vary-safe" for IE:
+    safe_mime_types = ('text/html', 'text/plain', 'text/sgml')
+
+    # The first part of the Content-Type field will be the MIME type,
+    # everything after ';', such as character-set, can be ignored.
+    if response['Content-Type'].split(';')[0] not in safe_mime_types:
+        try:
+            del response['Vary']
+        except KeyError:
+            pass
+
+    return response
+