From d968788b57f41b7def88046d1178fd2932a32a4e Mon Sep 17 00:00:00 2001
From: shanghui <shangdahao@gmail.com>
Date: Tue, 6 Feb 2018 13:44:53 +0800
Subject: Fixed #28833 -- Prevented CacheMiddleware from caching responses with
 "Cache-Control: private".

---
 django/middleware/cache.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'django/middleware/cache.py')

diff --git a/django/middleware/cache.py b/django/middleware/cache.py
index 8af0c9db7c..6b320f1db5 100644
--- a/django/middleware/cache.py
+++ b/django/middleware/cache.py
@@ -85,6 +85,10 @@ class UpdateCacheMiddleware(MiddlewareMixin):
         if not request.COOKIES and response.cookies and has_vary_header(response, 'Cookie'):
             return response
 
+        # Don't cache a response with 'Cache-Control: private'
+        if 'private' in response.get('Cache-Control', ()):
+            return response
+
         # Try to get the timeout from the "max-age" section of the "Cache-
         # Control" header before reverting to using the default cache_timeout
         # length.
-- 
cgit v1.3