Using a variety of resources, I've come up with the following django middleware to prevent browser caching for authenticated users:
class NoBrowserCachingMiddleware:
def add_to_header(self, response, key, value):
if response.has_header(key):
values = re.split(r'\s*,\s*', response[key])
if not value in values:
response[key] = ', '.join(values + [value])
else:
response[key] = value
def process_response(self, request, response):
if hasattr(request, 'user') and request.user.is_authenticated():
response['Expires'] = 0
self.add_to_header(response, 'Cache-Control', 'no-cache')
self.add_to_header(respo开发者_运维问答nse, 'Cache-Control', 'no-store')
self.add_to_header(response, 'Cache-Control', 'must-revalidate')
self.add_to_header(response, 'Pragma', 'no-cache') #HTTP 1.0
if request.is_ajax():
return response
if response.status_code != 200:
return response
if 'text/html' not in response['Content-Type']:
return response
# safari back button fix
response.content = response.content.replace('<body', '<body onunload=""')
return response
I would like to remove the piece where I have to modify the response content. If I do, however, Safari will display the previous cached page after a logout if the user hits the back button. Is there any way to prevent this using standard HTTP headers?
Thanks, Pete
精彩评论