diff options
| author | Aymeric Augustin <aymeric.augustin@m4x.org> | 2014-05-12 09:37:44 -0400 |
|---|---|---|
| committer | Florian Apolloner <florian@apolloner.eu> | 2014-05-14 10:15:06 +0200 |
| commit | 1abcf3a808b35abae5d425ed4d44cb6e886dc769 (patch) | |
| tree | 48dabd257b4947258c33773702074716e9fac615 /django/http/utils.py | |
| parent | e05a6222cd409bbfd9fd060a3913a956014dc4ab (diff) | |
[1.6.x] Dropped fix_IE_for_vary/attach.
This is a security fix. Disclosure following shortly.
Diffstat (limited to 'django/http/utils.py')
| -rw-r--r-- | django/http/utils.py | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/django/http/utils.py b/django/http/utils.py index e13dc4cbb6..90155cd2ed 100644 --- a/django/http/utils.py +++ b/django/http/utils.py @@ -39,58 +39,3 @@ def conditional_content_removal(request, response): else: response.content = b'' return response - - -def fix_IE_for_attach(request, response): - """ - This function will prevent Django from serving a Content-Disposition header - while expecting the browser to cache it (only when the browser is IE). This - leads to IE not allowing the client to download. - """ - useragent = request.META.get('HTTP_USER_AGENT', '').upper() - if 'MSIE' not in useragent and 'CHROMEFRAME' not in useragent: - return response - - offending_headers = ('no-cache', 'no-store') - if response.has_header('Content-Disposition'): - try: - del response['Pragma'] - except KeyError: - pass - if response.has_header('Cache-Control'): - cache_control_values = [value.strip() for value in - response['Cache-Control'].split(',') - if value.strip().lower() not in offending_headers] - - if not len(cache_control_values): - del response['Cache-Control'] - else: - response['Cache-Control'] = ', '.join(cache_control_values) - - return response - - -def fix_IE_for_vary(request, response): - """ - This function will fix the bug reported at - http://support.microsoft.com/kb/824847/en-us?spid=8722&sid=global - by clearing the Vary header whenever the mime-type is not safe - enough for Internet Explorer to handle. Poor thing. - """ - useragent = request.META.get('HTTP_USER_AGENT', '').upper() - if 'MSIE' not in useragent and 'CHROMEFRAME' not in useragent: - return response - - # These mime-types that are decreed "Vary-safe" for IE: - safe_mime_types = ('text/html', 'text/plain', 'text/sgml') - - # The first part of the Content-Type field will be the MIME type, - # everything after ';', such as character-set, can be ignored. - mime_type = response.get('Content-Type', '').partition(';')[0] - if mime_type not in safe_mime_types: - try: - del response['Vary'] - except KeyError: - pass - - return response |
