auth: Send Vary: Cookie header for all authentication pages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/auth.py b/src/web/auth.py
index e080ff70aab054392a2a3f51d2c853d29f96a5a7..b091a90925f455d05ca49413f2c95d59860b59e9 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -5,7 +5,16 @@ import tornado.web
 
 from . import base
 
 
 from . import base
 

-class AuthenticationMixin(object):
+class CacheMixin(object):
+       def prepare(self):
+               # Mark this as private when someone is logged in
+               if self.current_user:
+                       self.add_header("Cache-Control", "private")
+
+               self.add_header("Vary", "Cookie")
+
+
+class AuthenticationMixin(CacheMixin):

        def authenticate(self, username, password):
                # Find account
                account = self.backend.accounts.find_account(username)
        def authenticate(self, username, password):
                # Find account
                account = self.backend.accounts.find_account(username)


@@ -123,12 +132,3 @@ class ActivateHandler(AuthenticationMixin, base.BaseHandler):
 
                # Redirect to main page
                self.redirect("/")
 
                # Redirect to main page
                self.redirect("/")

-
-
-class CacheMixin(object):
-       def prepare(self):
-               # Mark this as private when someone is logged in
-               if self.current_user:
-                       self.add_header("Cache-Control", "private")
-
-               self.add_header("Vary", "Cookie")