New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

django-cache-headers

Package Overview
Dependencies
Maintainers
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

django-cache-headers

Configurable middleware to add HTTP caching headers for URL's.

  • 0.4
  • PyPI
  • Socket score
Maintainers
2

Django Cache Headers

.. figure:: https://travis-ci.org/praekelt/django-cache-headers.svg?branch=develop :align: center :alt: Travis

Overview

Django Cache Headers allows you to set HTTP caching headers for URL patterns according to certain policies. It does not perform any caching itself - it merely sets the headers on the response which are then interpreted by eg. Varnish.

Doing a truly zero-conf Varnish turned out to be fragile, so Django Cache Headers now generates a VCL file that can be included into or adapted to your default Varnish configuration file.

Installation

  1. Install or add django-cache-headers to your Python path.
  2. Add cache_headers to your INSTALLED_APPS setting.
  3. Add cache_headers.middleware.CacheHeadersMiddleware before SessionMiddleware and AuthenticationMiddleware and MessageMiddleware to your MIDDLEWARE_CLASSES setting.

Policies

Django Cache Headers provides four caching policies. You may define your own policies.:

  1. all-users - response is marked as cached once for all users.
  2. anonymous-only - response is marked as cached once only for anonymous users.
  3. anonymous-and-authenticated - response is marked as cached once for anonymous users and once for authenticated users.
  4. per-user - response is marked as cached once for anonymous users and for each authenticated user individually.

Settings

The timeouts key combines the policy, timeout in seconds and URL regexes in a nested dictionary::

CACHE_HEADERS = {
    "timeouts": {
        "all-users": {
            60: (
                "^/all-users/",
            )
        },
        "anonymous-only": {
            60: (
                "^/anonymous-only/",
            )
        },
        "anonymous-and-authenticated": {
            60: (
                "^/anonymous-and-authenticated/",
            )
        },
        "per-user": {
            60: (
                "^/per-user/",
            )
        },
        "custom-policy": {
            60: (
                "^/custom-policy/",
            )
        }
    }
}

Set browser-cache-seconds to specify how long the browser may cache a response before it has to revalidate with the server. It defaults to 5 seconds.::

CACHE_HEADERS = {"browser-cache-seconds": 10}

Set enable-tampering-checks to enable checks that guard against cache poising by tampering with the cookies. Keep this disabled for most unit tests. Unit test's client.login() does not trigger the normal expected login path.

CACHE_HEADERS = {"enable-tampering-checks": True}

Varnish configuration

Generate the VCL snippet::

python manage.py generate_vcl > /path/to/generated.vcl

Save the contents of sample.vcl <sample.vcl>_ as /etc/varnish/default.vcl. Restart Varnish for the configuration to take effect.

Authors

Praekelt Consulting

  • Hedley Roos
  • Altus Barry

Changelog

0.4

#. Django 2.0 and Python 3 compatibility. Django 1.9 support has been dropped.

0.3.3

#. Fix anonymous-only policy to consider isauthenticated cookie.

0.3.2

#. Ensure isauthenticated cookie expires at end of session if session is set to do so.

0.3.1

#. An anonymous user may in fact have a session. Handle this case gracefully.

0.3

#. Added vcl generation management command, to be used in tandem with varnish. sample.vcl updated to reflect usage. #. Make use of on_user_auth_event to ensure no-cache header is set during login and logout. #. Extra protection against tampered session cookie. #. Policies no longer makes an assumption on the session cookie name.

0.2.2

#. Iterate over regexes in order of most specific (longest) to least specific (shortest). #. Revert OrderedDict change since it is not required anymore due to the above change.

0.2.1

#. Use an OrderedDict for guaranteed policy iteration order.

0.2

#. Ignoring cookies completely when setting headers turned out to be a mistake due to too many security concerns. Restore them.

0.1.3

#. Handle case where user may also be logged in and a cookie not being set.

0.1.2

#. Use the s-maxage header for compatability with Varnish.

0.1.1

#. Leave response untouched if status code is not 200.

0.1

#. Initial release.

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

North Korean APT Lazarus Targets Developers with Malicious npm Package

Research

Security News

North Korean APT Lazarus Targets Developers with Malicious npm Package

Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.

By Kirill Boychenko, Peter van der Zee  -  Jan 29, 2025
CISA Brings KEV Data to GitHub

Security News

CISA Brings KEV Data to GitHub

CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.

By Sarah Gooding  -  Jan 29, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc