Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Levin Zimmermann
erp5
Commits
f7727e02
Commit
f7727e02
authored
Mar 09, 2022
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ERP5Type.patches.BaseRequest: Do more right after user authentication.
parent
4f477d68
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
40 additions
and
0 deletions
+40
-0
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testCookieCrumbler.py
...ateItem/portal_components/test.erp5.testCookieCrumbler.py
+11
-0
product/ERP5Type/ZopePatch.py
product/ERP5Type/ZopePatch.py
+1
-0
product/ERP5Type/patches/BaseRequest.py
product/ERP5Type/patches/BaseRequest.py
+28
-0
No files found.
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testCookieCrumbler.py
View file @
f7727e02
...
@@ -89,6 +89,17 @@ class ERP5CookieCrumblerTests (CookieCrumblerTests):
...
@@ -89,6 +89,17 @@ class ERP5CookieCrumblerTests (CookieCrumblerTests):
self
.
credentials
)
self
.
credentials
)
self
.
assertEqual
(
resp
.
cookies
[
'__ac'
][
'path'
],
'/'
)
self
.
assertEqual
(
resp
.
cookies
[
'__ac'
][
'path'
],
'/'
)
def
testCacheHeaderDisabled
(
self
):
# Cache header is forcibly set on any authenticated user independently from
# CookieCrumbler's presence.
_
,
cc
,
req
,
credentials
=
self
.
_makeSite
()
cc
.
cache_header_value
=
''
req
.
cookies
[
'__ac'
]
=
credentials
req
.
traverse
(
'/'
)
self
.
assertEqual
(
req
.
response
.
headers
.
get
(
'cache-control'
,
''
),
'private'
)
def
test_suite
():
def
test_suite
():
return
unittest
.
makeSuite
(
ERP5CookieCrumblerTests
)
return
unittest
.
makeSuite
(
ERP5CookieCrumblerTests
)
...
...
product/ERP5Type/ZopePatch.py
View file @
f7727e02
...
@@ -51,6 +51,7 @@ from Products.ERP5Type.patches import FSZSQLMethod
...
@@ -51,6 +51,7 @@ from Products.ERP5Type.patches import FSZSQLMethod
from
Products.ERP5Type.patches
import
ActionInformation
from
Products.ERP5Type.patches
import
ActionInformation
from
Products.ERP5Type.patches
import
ActionProviderBase
from
Products.ERP5Type.patches
import
ActionProviderBase
from
Products.ERP5Type.patches
import
ActionsTool
from
Products.ERP5Type.patches
import
ActionsTool
from
Products.ERP5Type.patches
import
BaseRequest
from
Products.ERP5Type.patches
import
CookieCrumbler
from
Products.ERP5Type.patches
import
CookieCrumbler
from
Products.ERP5Type.patches
import
PropertySheets
from
Products.ERP5Type.patches
import
PropertySheets
from
Products.ERP5Type.patches
import
CMFCoreSkinnable
from
Products.ERP5Type.patches
import
CMFCoreSkinnable
...
...
product/ERP5Type/patches/BaseRequest.py
0 → 100644
View file @
f7727e02
# -*- coding: utf-8 -*-
from
functools
import
partial
from
ZPublisher.BaseRequest
import
BaseRequest
def
setCacheControlPrivateForAuthenticatedUser
(
request
,
user
,
validated_hook_
):
# If we are publishing a resource for an authenticated user, forbid shared
# caches from storing it.
# Historially, this was (for some reason) implemented in CookieCrumbler,
# but it does not seem very consistent as it then depends on how the user
# was authenticated. This is a more neutral location.
if
user
.
getUserName
()
!=
'Anonymous User'
:
request
.
response
.
setHeader
(
'Cache-Control'
,
'private'
)
if
validated_hook_
is
not
None
:
return
validated_hook_
(
request
,
user
)
orig_BaseRequest_traverse
=
BaseRequest
.
traverse
def
BaseRequest_traverse
(
self
,
path
,
response
=
None
,
validated_hook
=
None
):
return
orig_BaseRequest_traverse
(
self
,
path
=
path
,
response
=
response
,
validated_hook
=
partial
(
setCacheControlPrivateForAuthenticatedUser
,
validated_hook_
=
validated_hook
,
),
)
BaseRequest
.
traverse
=
BaseRequest_traverse
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment