Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The toolbar middleware triggers Vary: Cookie header on non-toolbar pages #6569

Open
duanehutchins opened this issue Dec 4, 2018 · 5 comments
Open

The toolbar middleware triggers Vary: Cookie header on non-toolbar pages #6569

duanehutchins opened this issue Dec 4, 2018 · 5 comments
Labels
kind: bug needs reproduction This issue might have been fixed during the last years status: accepted

Comments

@duanehutchins
Copy link

Summary

The toolbar middleware triggers Vary: Cookie header on non-toolbar pages because it checks the session unnecessarily. This breaks caching.

Expected behaviour

Do not check session variables if there is no toolbar on the page.

Actual behaviour

The toolbar middleware triggers Vary: Cookie HTTP header on non-toolbar pages, which breaks caching. This happens because cms.middleware.toolbar.ToolbarMiddleware checks for session variables, which then causes the session middleware to send the Vary: Cookie header.

Environment

  • Python version: 3.6.6
  • Django version: 1.11.15
  • django CMS version: 3.4.5

Possible solutions I can think of:

  • Lazy-load the toolbar.
    • Session is only checked if the toolbar is accessed/used.
    • Users will benefit from it without any changes to their existing code.
  • Add a new CMS setting which disables the toolbar on all pages unless ?edit is in the path.
    • Setting defaults to off, so it does not affect existing sites.
    • Session is only checked if ?edit is in the path.
    • Keeps Vary: Cookie off of the CMS pages while not in edit mode.
    • Can be used in conjunction with the above lazy-load solution.
  • Load the toolbar in middleware via process_template_response only if the template has the cms_toolbar placeholder.
    • However, I'm not sure if this will break existing app hooks or older versions of Django.

I'm willing and able to write the PR for this. Let's please discuss the preferred solution(s).
@tschale
Copy link

tschale commented Apr 16, 2019

Sounds like a good proposal to me.
@divio: Is there an "official" opinion about this?

@victor-yunenko victor-yunenko added the needs reproduction This issue might have been fixed during the last years label Oct 29, 2021
@victor-yunenko
Copy link

Hi @duanehutchins, thank you for raising this! Divio handed over the implementation to django CMS Association and we're currently reviewing all pending tickets.

The proposal sounds reasonable to me, and a PR would be warmly welcomed!

Also might be worth checking the 4.X branch to confirm that the issue still persists there.

@duanehutchins
Copy link
Author

Hi @victor-yunenko ! I wish they replied sooner. I haven't worked with django-cms for a couple years now.

However, I just looked over the 4.x branch code, and there have been some changes that might be resolved the issue already, at least in part, but I'm not sure. I'd have to test to confirm.

I'll try to get some time in the near future to test and maybe mock up a quick patch if it's not already resolved.

@victor-yunenko
Copy link

Thank you!

It also might be related to #6608? If yes then the proposed override there could help.

@duanehutchins
Copy link
Author

Definitely related, but the proposed workaround only helps in specific cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind: bug needs reproduction This issue might have been fixed during the last years status: accepted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@duanehutchins @tschale @victor-yunenko