diff options
| author | mengxun <mengxun1122@163.com> | 2025-08-19 15:40:37 +0800 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-08-21 16:48:36 +0200 |
| commit | ed7c1a56400d64f109f30df3ce697984cdad7c75 (patch) | |
| tree | 7758769f8c2f2167a4ab499ded5973ce63314ed3 | |
| parent | d3cf24e9b415b41f570c9f426b2cd113b5fdb4de (diff) | |
Fixed #36560 -- Prevented UpdateCacheMiddleware from caching responses with Cache-Control 'no-cache' or 'no-store'.
| -rw-r--r-- | django/middleware/cache.py | 13 | ||||
| -rw-r--r-- | tests/cache/tests.py | 25 |
2 files changed, 26 insertions, 12 deletions
diff --git a/django/middleware/cache.py b/django/middleware/cache.py index 10fff365af..8c42a52b4a 100644 --- a/django/middleware/cache.py +++ b/django/middleware/cache.py @@ -100,8 +100,17 @@ class UpdateCacheMiddleware(MiddlewareMixin): ): return response - # Don't cache a response with 'Cache-Control: private' - if "private" in response.get("Cache-Control", ()): + # Don't cache responses when the Cache-Control header is set to + # private, no-cache, or no-store. + cache_control = response.get("Cache-Control", ()) + if any( + directive in cache_control + for directive in ( + "private", + "no-cache", + "no-store", + ) + ): return response # Page timeout takes precedence over the "max-age" and the default diff --git a/tests/cache/tests.py b/tests/cache/tests.py index 0b692194de..c4cf0a84e3 100644 --- a/tests/cache/tests.py +++ b/tests/cache/tests.py @@ -2731,16 +2731,21 @@ class CacheMiddlewareTest(SimpleTestCase): ) cache.clear() - def test_cached_control_private_not_cached(self): - """Responses with 'Cache-Control: private' are not cached.""" - view_with_private_cache = cache_page(3)( - cache_control(private=True)(hello_world_view) - ) - request = self.factory.get("/view/") - response = view_with_private_cache(request, "1") - self.assertEqual(response.content, b"Hello World 1") - response = view_with_private_cache(request, "2") - self.assertEqual(response.content, b"Hello World 2") + def test_cache_control_not_cached(self): + """ + Responses with 'Cache-Control: private/no-cache/no-store' are + not cached. + """ + for cc in ("private", "no-cache", "no-store"): + with self.subTest(cache_control=cc): + view_with_cache = cache_page(3)( + cache_control(**{cc: True})(hello_world_view) + ) + request = self.factory.get("/view/") + response = view_with_cache(request, "1") + self.assertEqual(response.content, b"Hello World 1") + response = view_with_cache(request, "2") + self.assertEqual(response.content, b"Hello World 2") def test_sensitive_cookie_not_cached(self): """ |