summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorƁukasz Langa <lukasz@langa.pl>2013-05-18 16:10:14 +0200
committerAymeric Augustin <aymeric.augustin@m4x.org>2013-05-18 17:38:32 +0200
commitbd97f7d0cb72191744552142817184e88ce8841d (patch)
tree744c8cbd6b1d087a56f758ee48dc47ae96747cb6
parent398841d6d3fce45b21bdfcd8385889098079f84a (diff)
Fixed #15201: Marked CACHE_MIDDLEWARE_ANONYMOUS_ONLY as deprecated
-rw-r--r--django/middleware/cache.py11
-rw-r--r--docs/faq/admin.txt6
-rw-r--r--docs/internals/deprecation.txt2
-rw-r--r--docs/ref/settings.txt8
-rw-r--r--docs/releases/1.6.txt17
-rw-r--r--docs/topics/cache.txt12
-rw-r--r--tests/cache/tests.py8
7 files changed, 39 insertions, 25 deletions
diff --git a/django/middleware/cache.py b/django/middleware/cache.py
index 83860e15f3..e13a8c3918 100644
--- a/django/middleware/cache.py
+++ b/django/middleware/cache.py
@@ -29,11 +29,6 @@ More details about how the caching works:
of the response's "Cache-Control" header, falling back to the
CACHE_MIDDLEWARE_SECONDS setting if the section was not found.
-* If CACHE_MIDDLEWARE_ANONYMOUS_ONLY is set to True, only anonymous requests
- (i.e., those not made by a logged-in user) will be cached. This is a simple
- and effective way of avoiding the caching of the Django admin (and any other
- user-specific content).
-
* This middleware expects that a HEAD request is answered with the same response
headers exactly like the corresponding GET request.
@@ -48,6 +43,8 @@ More details about how the caching works:
"""
+import warnings
+
from django.conf import settings
from django.core.cache import get_cache, DEFAULT_CACHE_ALIAS
from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age
@@ -200,5 +197,9 @@ class CacheMiddleware(UpdateCacheMiddleware, FetchFromCacheMiddleware):
else:
self.cache_anonymous_only = cache_anonymous_only
+ if self.cache_anonymous_only:
+ msg = "CACHE_MIDDLEWARE_ANONYMOUS_ONLY has been deprecated and will be removed in Django 1.8."
+ warnings.warn(msg, PendingDeprecationWarning, stacklevel=1)
+
self.cache = get_cache(self.cache_alias, **cache_kwargs)
self.cache_timeout = self.cache.default_timeout
diff --git a/docs/faq/admin.txt b/docs/faq/admin.txt
index 1d9a7c7427..ec40754094 100644
--- a/docs/faq/admin.txt
+++ b/docs/faq/admin.txt
@@ -27,12 +27,6 @@ account has :attr:`~django.contrib.auth.models.User.is_active` and
:attr:`~django.contrib.auth.models.User.is_staff` set to True. The admin site
only allows access to users with those two fields both set to True.
-How can I prevent the cache middleware from caching the admin site?
--------------------------------------------------------------------
-
-Set the :setting:`CACHE_MIDDLEWARE_ANONYMOUS_ONLY` setting to ``True``. See the
-:doc:`cache documentation </topics/cache>` for more information.
-
How do I automatically set a field's value to the user who last edited the object in the admin?
-----------------------------------------------------------------------------------------------
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 774de2a2fd..095b6d0a33 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -390,6 +390,8 @@ these changes.
``django.test.testcases.OutputChecker`` will be removed. Instead use the
doctest module from the Python standard library.
+* The ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting will be removed.
+
2.0
---
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index eb470cdd14..8ef59064f7 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -280,6 +280,12 @@ CACHE_MIDDLEWARE_ANONYMOUS_ONLY
Default: ``False``
+.. deprecated:: 1.6
+
+ This setting was largely ineffective because of using cookies for sessions
+ and CSRF. See the :doc:`Django 1.6 release notes</releases/1.6>` for more
+ information.
+
If the value of this setting is ``True``, only anonymous requests (i.e., not
those made by a logged-in user) will be cached. Otherwise, the middleware
caches every page that doesn't have GET or POST parameters.
@@ -287,8 +293,6 @@ caches every page that doesn't have GET or POST parameters.
If you set the value of this setting to ``True``, you should make sure you've
activated ``AuthenticationMiddleware``.
-See :doc:`/topics/cache`.
-
.. setting:: CACHE_MIDDLEWARE_KEY_PREFIX
CACHE_MIDDLEWARE_KEY_PREFIX
diff --git a/docs/releases/1.6.txt b/docs/releases/1.6.txt
index ef79e5770c..f8e1fd6339 100644
--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -569,6 +569,23 @@ If necessary, you can temporarily disable auto-escaping with
:func:`~django.utils.safestring.mark_safe` or :ttag:`{% autoescape off %}
<autoescape>`.
+``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+``CacheMiddleware`` used to provide a way to cache requests only if they
+weren't made by a logged-in user. This mechanism was largely ineffective
+because the middleware correctly takes into account the ``Vary: Cookie`` HTTP
+header, and this header is being set on a variety of occasions, such as:
+
+* accessing the session, or
+* using CSRF protection, which is turned on by default, or
+* using a client-side library which sets cookies, like `Google Analytics`__.
+
+This makes the cache effectively work on a per-session basis regardless of the
+``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting.
+
+__ http://www.google.com/analytics/
+
``SEND_BROKEN_LINK_EMAILS`` setting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/topics/cache.txt b/docs/topics/cache.txt
index a7d54fbeb0..46911a593f 100644
--- a/docs/topics/cache.txt
+++ b/docs/topics/cache.txt
@@ -443,15 +443,9 @@ Then, add the following required settings to your Django settings file:
The cache middleware caches GET and HEAD responses with status 200, where the request
and response headers allow. Responses to requests for the same URL with different
query parameters are considered to be unique pages and are cached separately.
-Optionally, if the :setting:`CACHE_MIDDLEWARE_ANONYMOUS_ONLY`
-setting is ``True``, only anonymous requests (i.e., not those made by a
-logged-in user) will be cached. This is a simple and effective way of disabling
-caching for any user-specific pages (including Django's admin interface). Note
-that if you use :setting:`CACHE_MIDDLEWARE_ANONYMOUS_ONLY`, you should make
-sure you've activated ``AuthenticationMiddleware``. The cache middleware
-expects that a HEAD request is answered with the same response headers as
-the corresponding GET request; in which case it can return a cached GET
-response for HEAD request.
+The cache middleware expects that a HEAD request is answered with the same
+response headers as the corresponding GET request; in which case it can return
+a cached GET response for HEAD request.
Additionally, the cache middleware automatically sets a few headers in each
:class:`~django.http.HttpResponse`:
diff --git a/tests/cache/tests.py b/tests/cache/tests.py
index 4f7ee8b525..231a3bfb50 100644
--- a/tests/cache/tests.py
+++ b/tests/cache/tests.py
@@ -28,8 +28,8 @@ from django.middleware.cache import (FetchFromCacheMiddleware,
from django.template import Template
from django.template.response import TemplateResponse
from django.test import TestCase, TransactionTestCase, RequestFactory
-from django.test.utils import override_settings, six
-from django.utils import timezone, translation, unittest
+from django.test.utils import override_settings, IgnorePendingDeprecationWarningsMixin
+from django.utils import six, timezone, translation, unittest
from django.utils.cache import (patch_vary_headers, get_cache_key,
learn_cache_key, patch_cache_control, patch_response_headers)
from django.utils.encoding import force_text
@@ -1592,9 +1592,10 @@ def hello_world_view(request, value):
},
},
)
-class CacheMiddlewareTest(TestCase):
+class CacheMiddlewareTest(IgnorePendingDeprecationWarningsMixin, TestCase):
def setUp(self):
+ super(CacheMiddlewareTest, self).setUp()
self.factory = RequestFactory()
self.default_cache = get_cache('default')
self.other_cache = get_cache('other')
@@ -1602,6 +1603,7 @@ class CacheMiddlewareTest(TestCase):
def tearDown(self):
self.default_cache.clear()
self.other_cache.clear()
+ super(CacheMiddlewareTest, self).tearDown()
def test_constructor(self):
"""