[Zope3-checkins]
SVN: Zope3/branches/3.2/src/zope/app/exception/browser/
backport from trunk rev 71678
Adam Groszer
adamg at fw.hu
Tue Jan 2 08:52:01 EST 2007
Log message for revision 71681:
backport from trunk rev 71678
-----------------------------
Work around squid negative_ttl when unauthorized
For a complete description of the problem solved see:
http://mail.zope.org/pipermail/zope3-dev/2006-December/021321.html
Changed:
U Zope3/branches/3.2/src/zope/app/exception/browser/tests/test_unauthorized.py
U Zope3/branches/3.2/src/zope/app/exception/browser/unauthorized.py
-=-
Modified: Zope3/branches/3.2/src/zope/app/exception/browser/tests/test_unauthorized.py
===================================================================
--- Zope3/branches/3.2/src/zope/app/exception/browser/tests/test_unauthorized.py 2007-01-02 13:51:07 UTC (rev 71680)
+++ Zope3/branches/3.2/src/zope/app/exception/browser/tests/test_unauthorized.py 2007-01-02 13:52:00 UTC (rev 71681)
@@ -75,6 +75,14 @@
# Make sure the response status was set
self.assertEqual(request.response.getStatus(), 403)
+ # check headers that work around squid "negative_ttl"
+ self.assertEqual(request.response.getHeader('Expires'),
+ 'Mon, 26 Jul 1997 05:00:00 GMT')
+ self.assertEqual(request.response.getHeader('Pragma'),
+ 'no-cache')
+ self.assertEqual(request.response.getHeader('Cache-Control'),
+ 'no-store, no-cache, must-revalidate')
+
# Make sure the auth utility was called
self.failUnless(self.auth.request is request)
self.assertEqual(self.auth.principal_id, 23)
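Review bot: The expected `Expires` value `'Mon, 26 Jul 1997 05:00:00 GMT'` carries a weekday that does not match its date, since 26 July 1997 was a Saturday. The same literal is set in unauthorized.py in this commit. Caches are expected to treat an unparsable or past `Expires` as already expired, so the anti-caching effect most likely holds, but a well-formed value such as `'Sat, 26 Jul 1997 05:00:00 GMT'` avoids depending on lenient date parsing in the proxy. Both files would need to change together. The test method these assertions belong to starts and ends outside the hunk.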
Modified: Zope3/branches/3.2/src/zope/app/exception/browser/unauthorized.py
===================================================================
--- Zope3/branches/3.2/src/zope/app/exception/browser/unauthorized.py 2007-01-02 13:51:07 UTC (rev 71680)
+++ Zope3/branches/3.2/src/zope/app/exception/browser/unauthorized.py 2007-01-02 13:52:00 UTC (rev 71681)
@@ -26,6 +26,12 @@
# Set the error status to 403 (Forbidden) in the case when we don't
# challenge the user
self.request.response.setStatus(403)
+
+ # make sure that squid does not keep the response in the cache
+ self.request.response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
+ self.request.response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
+ self.request.response.setHeader('Pragma', 'no-cache')
+
principal = self.request.principal
auth = zapi.principals()
auth.unauthorized(principal.id, self.request)
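Review bot: The new comment names squid but not the risk: presumably a shared cache that stores this 403 keeps replaying the denial for the same URL, even to a client that has since authenticated. I would spell that out, e.g. `# Keep shared caches (e.g. squid with negative_ttl) from storing this 403 and replaying it to later requests;` followed by `# Expires/Pragma cover HTTP/1.0 caches, Cache-Control covers HTTP/1.1.` The headers are also set before `auth.unauthorized(principal.id, self.request)`, so whether they survive a challenge or redirect depends on the authentication utility. The added test appears to exercise only a stub utility, so a check against the real challenge path would be worth having. The enclosing method starts outside the hunk.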