[Zope-CMF] Re: [Warning] Danger from Zope caching, especially the CMF Caching Policy Manager

Dieter Maurer dieter at handshake.de
Mon Dec 18 13:33:32 EST 2006


Miles Waller wrote at 2006-12-18 12:57 +0000:
> ...
>At the moment, the CPM fires after rendering, so setting its own 
>headers and overwriting any headers set in the template.  If it fired 
>before rendering, then a template would be free to set whatever policy 
>it wanted.
>
>Is there a special reason why it needs to set the headers after 
>rendering, rather than before?  I can't think of a reason, but then our 
>policies are about as simple as can be.

I expect this was to counter the effect that "recursively" called
templates could trigger the CPM as well. If the CPM is activated
before the actual rendering, then these "recursive" activations
would override the effect of the "top" activation.

The latest CMF version tries to detect "recursive" activations
and suppress them. Nevertheless, your proposal would not be
safe, as shown by this example:

  You have a script "someScript" with the following body

    container.REQUEST.response.setHeader('Cache-Control', 'no-cache')
    ...
    context.someTemplate(...)

then the call to "someTemplate" may override the "Cache-Control"
set before, even with your proposal.

Of course, the script could set the header after the template call --
*IF* it were aware of the danger. However, I doubt that this will be the
case....


-- 
Dieter
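
The ordering problem described in this message, as an added example that is not part of the original e-mail and is not Zope or CMF code. `Response`, `POLICY`, `render_template` and the two script functions are hypothetical stand-ins that model only "last header write wins"; the policy value is constructed.

```python
# Simplified model of the header ordering discussed above.
# All names here are hypothetical stand-ins, not Zope or CMF APIs.

class Response:
    def __init__(self):
        self.headers = {}

    def setHeader(self, name, value):
        # As with a real HTTP response object, the last write wins.
        self.headers[name] = value


POLICY = {"Cache-Control": "max-age=3600"}  # constructed sample policy


def apply_policy(response):
    """Stand-in for the caching policy manager writing its headers."""
    for name, value in POLICY.items():
        response.setHeader(name, value)


def render_template(response, cpm_fires):
    """Render a template; the policy fires 'before' or 'after' rendering."""
    if cpm_fires == "before":
        apply_policy(response)
    body = "<html>per-user content</html>"  # the rendering itself
    if cpm_fires == "after":
        apply_policy(response)
    return body


def script_sets_header_first(cpm_fires):
    """The 'someScript' pattern: set no-cache, then call the template."""
    response = Response()
    response.setHeader("Cache-Control", "no-cache")
    render_template(response, cpm_fires)
    return response.headers["Cache-Control"]


def script_sets_header_last(cpm_fires):
    """The ordering that survives: call the template, then set no-cache."""
    response = Response()
    render_template(response, cpm_fires)
    response.setHeader("Cache-Control", "no-cache")
    return response.headers["Cache-Control"]


if __name__ == "__main__":
    for when in ("before", "after"):
        print(when, script_sets_header_first(when), script_sets_header_last(when))
```

In this model the script's `no-cache` is lost whether the policy fires before or after rendering, because both happen inside the template call that follows the script's own `setHeader`.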

