From 170b63bad5029544d8ac945ab005ae850cc5f5d4 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 7 May 2019 18:16:43 +0100
Subject: [PATCH] auth: Send Vary: Cookie header for all authentication pages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/auth.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/web/auth.py b/src/web/auth.py
index e080ff70..b091a909 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -5,7 +5,16 @@ import tornado.web
 
 from . import base
 
-class AuthenticationMixin(object):
+class CacheMixin(object):
+	def prepare(self):
+		# Mark this as private when someone is logged in
+		if self.current_user:
+			self.add_header("Cache-Control", "private")
+
+		self.add_header("Vary", "Cookie")
+
+
+class AuthenticationMixin(CacheMixin):
 	def authenticate(self, username, password):
 		# Find account
 		account = self.backend.accounts.find_account(username)
@@ -123,12 +132,3 @@ class ActivateHandler(AuthenticationMixin, base.BaseHandler):
 
 		# Redirect to main page
 		self.redirect("/")
-
-
-class CacheMixin(object):
-	def prepare(self):
-		# Mark this as private when someone is logged in
-		if self.current_user:
-			self.add_header("Cache-Control", "private")
-
-		self.add_header("Vary", "Cookie")
-- 
2.39.2