[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/exception/browser/
Work against squid negative_ttl when unauthorized
Adam Groszer
adamg at fw.hu
Tue Jan 2 08:50:06 EST 2007
Log message for revision 71678:
Work against squid negative_ttl when unauthorized
For a complete description of the problem solved see:
http://mail.zope.org/pipermail/zope3-dev/2006-December/021321.html
Changed:
U Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py
U Zope3/trunk/src/zope/app/exception/browser/unauthorized.py
-=-
Modified: Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py 2006-12-29 22:07:05 UTC (rev 71677)
+++ Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py 2007-01-02 13:50:03 UTC (rev 71678)
@@ -83,6 +83,14 @@
# Make sure the response status was set
self.assertEqual(request.response.getStatus(), 403)
+
+ # check headers that work around squid "negative_ttl"
+ self.assertEqual(request.response.getHeader('Expires'),
+ 'Mon, 26 Jul 1997 05:00:00 GMT')
+ self.assertEqual(request.response.getHeader('Pragma'),
+ 'no-cache')
+ self.assertEqual(request.response.getHeader('Cache-Control'),
+ 'no-store, no-cache, must-revalidate')
# Make sure the auth utility was called
self.failUnless(self.auth.request is request)
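Review bot: The `Expires` value asserted here, `'Mon, 26 Jul 1997 05:00:00 GMT'`, carries the wrong weekday, since 26 July 1997 was a Saturday; the same literal is set in the unauthorized.py hunk. A cache that ignores the weekday, or treats an unparsable date as already expired, will still decline to reuse the response, so the effect is probably intact, but it then rests on lenient parsing rather than on a valid HTTP-date. I would use `'Sat, 26 Jul 1997 05:00:00 GMT'` in both places. The test method starts and ends outside this hunk.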
Modified: Zope3/trunk/src/zope/app/exception/browser/unauthorized.py
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/unauthorized.py 2006-12-29 22:07:05 UTC (rev 71677)
+++ Zope3/trunk/src/zope/app/exception/browser/unauthorized.py 2007-01-02 13:50:03 UTC (rev 71678)
@@ -29,6 +29,12 @@
# Set the error status to 403 (Forbidden) in the case when we don't
# challenge the user
self.request.response.setStatus(403)
+
+ # make sure that squid does not keep the response in the cache
+ self.request.response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
+ self.request.response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
+ self.request.response.setHeader('Pragma', 'no-cache')
+
principal = self.request.principal
auth = zapi.principals()
auth.unauthorized(principal.id, self.request)
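Review bot: The comment above the three `setHeader` calls says what they do but not why it matters for an authorization failure. I would spell it out, e.g. `# Squid's negative_ttl caches error responses; mark this one uncacheable so a request made after login is not answered with the stored 403`. The headers are set before `auth.unauthorized(principal.id, self.request)`, and whether they survive when the auth utility issues its own challenge is not visible here. The added assertions appear to cover only one path, so a test of the challenge case would pin that down. The enclosing method starts and ends outside the hunk.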