summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaleb Elwert <belak@coded.io>2015-10-01 12:52:18 -0700
committerTim Graham <timograham@gmail.com>2015-10-02 12:29:54 -0400
commitadcf823359d7402fc1f57a2e005cea52905d897d (patch)
tree80ed02d5c32766857b376ce42c23cc6aceeecaae
parent37a5a363215d7c0360ff0a8f57856d373e8c1629 (diff)
Fixed #25490 -- Made the logout() view send "no-cache" headers.
-rw-r--r--django/contrib/auth/views.py1
-rw-r--r--docs/releases/1.10.txt4
-rw-r--r--tests/auth_tests/test_views.py8
3 files changed, 13 insertions, 0 deletions
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index fc8b37823c..6362bf1daf 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -92,6 +92,7 @@ def login(request, template_name='registration/login.html',
@deprecate_current_app
+@never_cache
def logout(request, next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME,
diff --git a/docs/releases/1.10.txt b/docs/releases/1.10.txt
index 66d3828087..52ba47a2d3 100644
--- a/docs/releases/1.10.txt
+++ b/docs/releases/1.10.txt
@@ -47,6 +47,10 @@ Minor features
subclassed ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the
default value.
+* The :func:`~django.contrib.auth.views.logout` view sends "no-cache" headers
+ to prevent an issue where Safari caches redirects and prevents a user from
+ being able to log out.
+
:mod:`django.contrib.contenttypes`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 19a47a2697..d7a64608b8 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -770,6 +770,14 @@ class LogoutTest(AuthViewsTestCase):
response = self.client.get('/logout/')
self.assertIn('site', response.context)
+ def test_logout_doesnt_cache(self):
+ """
+ The logout() view should send "no-cache" headers for reasons described
+ in #25490.
+ """
+ response = self.client.get('/logout/')
+ self.assertIn('no-store', response['Cache-Control'])
+
def test_logout_with_overridden_redirect_url(self):
# Bug 11223
self.login()