From: Michael Tremer Date: Tue, 7 May 2019 17:16:43 +0000 (+0100) Subject: auth: Send Vary: Cookie header for all authentication pages X-Git-Url: http://git.ipfire.org/?p=ipfire.org.git;a=commitdiff_plain;h=170b63bad5029544d8ac945ab005ae850cc5f5d4 auth: Send Vary: Cookie header for all authentication pages Signed-off-by: Michael Tremer --- diff --git a/src/web/auth.py b/src/web/auth.py index e080ff70..b091a909 100644 --- a/src/web/auth.py +++ b/src/web/auth.py @@ -5,7 +5,16 @@ import tornado.web from . import base -class AuthenticationMixin(object): +class CacheMixin(object): + def prepare(self): + # Mark this as private when someone is logged in + if self.current_user: + self.add_header("Cache-Control", "private") + + self.add_header("Vary", "Cookie") + + +class AuthenticationMixin(CacheMixin): def authenticate(self, username, password): # Find account account = self.backend.accounts.find_account(username) @@ -123,12 +132,3 @@ class ActivateHandler(AuthenticationMixin, base.BaseHandler): # Redirect to main page self.redirect("/") - - -class CacheMixin(object): - def prepare(self): - # Mark this as private when someone is logged in - if self.current_user: - self.add_header("Cache-Control", "private") - - self.add_header("Vary", "Cookie")