Fixed #9163 - CsrfMiddleware needs to reset ETag header
Thanks to carljm for report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
c44fdf6a1e
commit
a02a6fab66
|
@ -101,7 +101,13 @@ class CsrfResponseMiddleware(object):
|
|||
"' /></div>")
|
||||
|
||||
# Modify any POST forms
|
||||
response.content = _POST_FORM_RE.sub(add_csrf_field, response.content)
|
||||
response.content, n = _POST_FORM_RE.subn(add_csrf_field, response.content)
|
||||
if n > 0:
|
||||
# Since the content has been modified, any Etag will now be
|
||||
# incorrect. We could recalculate, but only is we assume that
|
||||
# the Etag was set by CommonMiddleware. The safest thing is just
|
||||
# to delete. See bug #9163
|
||||
del response['ETag']
|
||||
return response
|
||||
|
||||
class CsrfMiddleware(CsrfViewMiddleware, CsrfResponseMiddleware):
|
||||
|
|
|
@ -22,12 +22,12 @@ middleware into your list of installed middleware.
|
|||
How to use it
|
||||
=============
|
||||
|
||||
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to
|
||||
your list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process
|
||||
the response after the SessionMiddleware, so must come before it in the
|
||||
list. It also must process the response before things like compression
|
||||
happen to the response, so it must come after GZipMiddleware in the
|
||||
list.
|
||||
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to your
|
||||
list of middleware classes, :setting:`MIDDLEWARE_CLASSES`. It needs to process
|
||||
the response after the SessionMiddleware, so must come before it in the list. It
|
||||
also must process the response before things like compression or setting of
|
||||
ETags happen to the response, so it must come after GZipMiddleware,
|
||||
CommonMiddleware and ConditionalGetMiddleware in the list.
|
||||
|
||||
The ``CsrfMiddleware`` class is actually composed of two middleware:
|
||||
``CsrfViewMiddleware`` which performs the checks on incoming requests,
|
||||
|
|
Loading…
Reference in New Issue