Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow arbitrary request arguments to be cache args #215

Closed
fluffy-critter opened this issue Jun 27, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@fluffy-critter
Copy link
Collaborator

commented Jun 27, 2019

Expected Behavior

Allow a template to accept alternate request arguments as part of the cache key

Current Behavior

Only default view arguments become part of the cache key.

Possible Solution

Either allow all arguments to affect the cache key (which would be a potential DOS attack vector) or provide some sort of annotation mechanism to templates to whitelist additional keys.

Another possibility is to mock the request.args in an object which tracks which args the template actually requests and then make that part of the cache key, but this is getting on the complex side.

The easy solution is to just stop whitelisting request args and worry about the DoS case later. The page cache probably isn’t going to make much of a difference in the face of a concerted attack anyway.

Steps to Reproduce (for bugs)

Context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.