Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Allow arbitrary request arguments to be cache args #215
Allow a template to accept alternate request arguments as part of the cache key
Only default view arguments become part of the cache key.
Either allow all arguments to affect the cache key (which would be a potential DOS attack vector) or provide some sort of annotation mechanism to templates to whitelist additional keys.
Another possibility is to mock the request.args in an object which tracks which args the template actually requests and then make that part of the cache key, but this is getting on the complex side.
The easy solution is to just stop whitelisting request args and worry about the DoS case later. The page cache probably isn’t going to make much of a difference in the face of a concerted attack anyway.
Steps to Reproduce (for bugs)