Fixed #25490 -- Made the logout() view send "no-cache" headers.

This commit is contained in:
Kaleb Elwert 2015-10-01 12:52:18 -07:00 committed by Tim Graham
parent 37a5a36321
commit adcf823359
3 changed files with 13 additions and 0 deletions

View File

@ -92,6 +92,7 @@ def login(request, template_name='registration/login.html',
@deprecate_current_app @deprecate_current_app
@never_cache
def logout(request, next_page=None, def logout(request, next_page=None,
template_name='registration/logged_out.html', template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME, redirect_field_name=REDIRECT_FIELD_NAME,

View File

@ -47,6 +47,10 @@ Minor features
subclassed ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the subclassed ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
default value. default value.
* The :func:`~django.contrib.auth.views.logout` view sends "no-cache" headers
to prevent an issue where Safari caches redirects and prevents a user from
being able to log out.
:mod:`django.contrib.contenttypes` :mod:`django.contrib.contenttypes`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

View File

@ -770,6 +770,14 @@ class LogoutTest(AuthViewsTestCase):
response = self.client.get('/logout/') response = self.client.get('/logout/')
self.assertIn('site', response.context) self.assertIn('site', response.context)
def test_logout_doesnt_cache(self):
"""
The logout() view should send "no-cache" headers for reasons described
in #25490.
"""
response = self.client.get('/logout/')
self.assertIn('no-store', response['Cache-Control'])
def test_logout_with_overridden_redirect_url(self): def test_logout_with_overridden_redirect_url(self):
# Bug 11223 # Bug 11223
self.login() self.login()