[Zope-CMF] Re: [Warning] Danger from Zope caching,
especially the CMF Caching Policy Manager
Dieter Maurer
dieter at handshake.de
Mon Dec 18 13:33:32 EST 2006
Miles Waller wrote at 2006-12-18 12:57 +0000:
> ...
>At the moment, the CPM fires after rendering, so setting it's own
>headers and overwriting any headers set in the template. If it fired
>before rendering, then a template would be free to set whatever policy
>it wanted.
>
>Is there a special reason why it needs to set the headers after
>rendering, rather than before? I can't think of a reason, but then our
>policies are about as simple as can be.
I expect this was to counter the effect that "recursively" called
templates could trigger the CPM as well. If the CPM is activated
before the actual rendering, then these "recursive" activations
would override the effect of the "top" activation.
The latest CMF version tries to detect "recursive" activations
and suppress them. Nevertheless, your proposal would not be
safe, as shown this this example:
You have a script "someScript" with the following body
container.REQUEST.response.setHeader('Cache-Control', 'no-cache')
...
context.someTemplate(...)
then the call to "someTemplate" may override the "Cache-Control"
set before, even with your proposal.
Of course, the script could set the header after the template call --
*IF* it were aware of the danger. However, I doubt that this will be the
case....
--
Dieter
More information about the Zope-CMF
mailing list