diff options
| author | Kaleb Elwert <belak@coded.io> | 2015-10-01 12:52:18 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-10-02 12:29:54 -0400 |
| commit | adcf823359d7402fc1f57a2e005cea52905d897d (patch) | |
| tree | 80ed02d5c32766857b376ce42c23cc6aceeecaae | |
| parent | 37a5a363215d7c0360ff0a8f57856d373e8c1629 (diff) | |
Fixed #25490 -- Made the logout() view send "no-cache" headers.
| -rw-r--r-- | django/contrib/auth/views.py | 1 | ||||
| -rw-r--r-- | docs/releases/1.10.txt | 4 | ||||
| -rw-r--r-- | tests/auth_tests/test_views.py | 8 |
3 files changed, 13 insertions, 0 deletions
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index fc8b37823c..6362bf1daf 100644 --- a/django/contrib/auth/views.py +++ b/django/contrib/auth/views.py @@ -92,6 +92,7 @@ def login(request, template_name='registration/login.html', @deprecate_current_app +@never_cache def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME, diff --git a/docs/releases/1.10.txt b/docs/releases/1.10.txt index 66d3828087..52ba47a2d3 100644 --- a/docs/releases/1.10.txt +++ b/docs/releases/1.10.txt @@ -47,6 +47,10 @@ Minor features subclassed ``django.contrib.auth.hashers.PBKDF2PasswordHasher`` to change the default value. +* The :func:`~django.contrib.auth.views.logout` view sends "no-cache" headers + to prevent an issue where Safari caches redirects and prevents a user from + being able to log out. + :mod:`django.contrib.contenttypes` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 19a47a2697..d7a64608b8 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -770,6 +770,14 @@ class LogoutTest(AuthViewsTestCase): response = self.client.get('/logout/') self.assertIn('site', response.context) + def test_logout_doesnt_cache(self): + """ + The logout() view should send "no-cache" headers for reasons described + in #25490. + """ + response = self.client.get('/logout/') + self.assertIn('no-store', response['Cache-Control']) + def test_logout_with_overridden_redirect_url(self): # Bug 11223 self.login() |
