On Oct 21, 9:17 pm, Jim Dalton wrote:
> On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote:
>
> > I do not know nearly enough about caching to participate fully in this
> > discussion. But it strikes me that the attempt to have CSRF protected
> > anonymous page cached is not that smart. If you
I think for the moment, the easy fix for anonymous forms it either to
put them on a different page or
to load them with ajax.
This way the forms and thus the tokens gets generated only when
needed.
If caching and performances are a big concern, I think those
alternative are win/win solutions.
Yo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/21/2011 07:02 AM, Jim Dalton wrote:
> 1. Fixing #9249 and #15855. I hear your philosophical concerns about
> #9249 but the ubiquity of Google Analytics means we must do fine some
> way to fix it (IMO). Addressing these two tickets would at least
On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote:
> I do not know nearly enough about caching to participate fully in this
> discussion. But it strikes me that the attempt to have CSRF protected
> anonymous page cached is not that smart. If you have an anonymous submittable
> form, why bothe
oglegroups.com [django-developers@googlegroups.com]
On Behalf Of Jim Dalton [jim.dal...@gmail.com]
Sent: Friday, October 21, 2011 16:02
To: django-developers@googlegroups.com
Subject: Re: The state of per-site/per-view middleware caching in Django
On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote:
On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi Jim,
>
> This is a really useful summary of the current state of things, thanks
> for putting it together.
>
> Re the anonymous/authenticated issue, CSRF token, and Google Analytics
> cookies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Jim,
This is a really useful summary of the current state of things, thanks
for putting it together.
Re the anonymous/authenticated issue, CSRF token, and Google Analytics
cookies, it all boils down to the same root issue. And Niran is right,
what
Hi...
For PyLucid i made a simple cache middleware [1] simmilar to Django per-site
cache middleware [2]. But i doesn't vary on Cookies and don't cache cookies. I
simply cache only the response content.
Of course: This doesn't solve the problem if "csrfmiddlewaretoken" in content.
Here some p
On Oct 20, 2011, at 10:26 AM, Niran Babalola wrote:
> This problem is inherent to page caching. Workarounds to avoid varying
> by cookie for anonymous users are conceptually incorrect. If a single
> URL can give different responses depending on who's viewing it, then
> it varies by cookie. Prevent
On Thu, Oct 20, 2011 at 7:45 AM, Jim Dalton wrote:
> There
> is still an exceptionally narrow set of circumstances that would allow me to
> serve a single cached page to all anonymous visitors to my site: namely, I
> can't touch request.user and I can't use CSRF.
This problem is inherent to page
I spent the better part of yesterday mucking around in the dregs of Django's
cache middleware and related modules, and in doing so I've come to the
conclusion that, due to an accumulation of hinderances and minor bugs, the
per-site and per-view caching mechanism are effectively broken for many
11 matches
Mail list logo
