I have enabled site-wide Django caching, but the third-party apps I am using have not specified any cache-control expectations. So, I am guessing that their views will get cached.
The problem is that I do not want Django to cache the views of some apps. How do I apply url-level cache control on include()?
url(r"^account/", include("pinax.apps.account.urls")) #How to apply cache control here?
You can't. The per-site cache is achieved through middlewares which considers only request and response instead of specific view.
However, you could achieve this by providing a patched django.middleware.cache.FetchFromCacheMiddleware.
class ManagedFetchFromCacheMiddle(FetchFromCacheMiddleware):
def process_request(self, request):
if should_exempt(request):
request._cache_update_cache = False
return
return super(ManagedFetchFromCacheMiddle, self).process_request(request)
def should_exempt(request):
"""Any predicator to exempt cache on a request
For your case, it looks like
if request.path.startswith('/account/'):
return True
"""
Replace 'django.middleware.cache.FetchFromCacheMiddleware' with the path of the above in MIDDLEWARE_CLASSES.
Maybe generic version of above is suitable for commiting patch to Django community =p
Related
I am trying to optimize my Django web application by leveraging browser caching. I set a Cache-Control header for max-age equal to a year in my home view function returned response. When I load up my site however, and check the response header of some of the images on my home page, the cache-control header isn't there. I tried two different methods of setting the response header. First I tried using Django's built in cache-control decorator. I also tried simply taking the rendered response, and setting the header in my view function before its return statement. Are static images cached differently ?
View Function
def view_home(request, page=None):
# FIND THE HOME PAGE IF WE DO NOT HAVE ONE
# IF NOT FOUND RETURN 404
if not page:
try:
page = WebPage.objects.get(template='home')
except WebPage.DoesNotExist:
raise Http404
try:
billboards = Billboard.get_published_objects()
except Exception as e:
logging.error(e)
billboards = None
project_types = ProjectType.get_published_objects()
budgets = Budget.get_published_objects()
deadlines = Deadline.get_published_objects()
contact_descriptions = ContactDescription.get_published_objects()
contact_form = ContactForm(type_list=project_types, budget_list=budgets,
deadline_list=deadlines, description_list=contact_descriptions)
context = {'page': page, 'billboards': billboards, 'contact_form': contact_form}
set_detail_context(request, context)
template = 'home.html'
# Add Cache control to response header
expiry_date = datetime.datetime.now() + datetime.timedelta(days=7)
response = render(request, template, context)
response['Cache-Control'] = 'max-age=602000'
response['Expires'] = expiry_date
return response
It sounds like you're setting the headers on a per-view basis. But those views are handling specific URLs, which presumably are not the URLs for your static image files. So it won't have any effect on those.
How you set the headers for your static files depends on how you're serving them.
The most straightforward solution is to use the whitenoise app. This serves static files from Django in the same way in both development and production, and has a setting to control the max-age.
If you're using an external server (e.g. ngnix or Apache) you'll need to configure it to set any custom headers. It doesn't have anything to do with Django.
If you're using the Django development server you'll have to opt out of having it handle the static files automatically, and instead use a custom view that sets the headers. (Or you could just not bother when using the development server.)
I am working on a Django 1.4 project and writing one simple application using per-site cache as described here:
https://docs.djangoproject.com/en/dev/topics/cache/#the-per-site-cache
I have correctly setup a local Memcached server and confirmed the pages are being cached.
Then I set CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True because I don't want to cache pages for authenticated users.
I'm testing with a simple view that returns a template with render_to_response and RequestContext to be able to access user information from the template and the caching works well so far, meaning it caches pages just for anonymous users.
And here's my problem. I created another view using a different template that doesn't access user information and noticed that the page was being cached even if the user was authenticated. After testing many things I found that authenticated users were getting a cached page if the template didn't print something from the user context variable. It's very simple to test: print the user on the template and the page won't be cached for an authenticated user, remove the user on the template, refresh the page while authenticated and check the HTTP headers and you will notice you're getting a cached page. You should clear the cache between changes to see the problem more clearly.
I tested a little more and found that I could get rid of the user in the template and print request.user right on the view (which prints to the development server console) and that also fixed the problem of showing a cached page to an authenticated user but that's an ugly hack.
A similar problem was reported here but never got an answer:
https://groups.google.com/d/topic/django-users/FyWmz9csy5g/discussion
I can probably write a conditional decorator to check if user.is_authenticated() and based on that use #never_cache on my view but it seems like that defeats the purpose of using per-site cache, doesn't it?
"""
A decorator to bypass per-site cache if the user is authenticated. Based on django.views.decorators.cache.never_cache.
See: http://stackoverflow.com/questions/12060036/why-django-1-4-per-site-cache-does-not-work-correctly-with-cache-middleware-anon
"""
from django.utils.decorators import available_attrs
from django.utils.cache import add_never_cache_headers
from functools import wraps
def conditional_cache(view_func):
"""
Checks the user and if it's authenticated pass it through never_cache.
This version uses functools.wraps for the wrapper function.
"""
#wraps(view_func, assigned=available_attrs(view_func))
def _wrapped_view_func(request, *args, **kwargs):
response = view_func(request, *args, **kwargs)
if request.user.is_authenticated():
add_never_cache_headers(response)
return response
return _wrapped_view_func
Any suggestions to avoid the need of an extra decorator will be appreciated.
Thanks!
Ok, I just confirmed my "problem" was caused by Django lazy loading the User object.
To confirm it, I just added something like this to my view:
test_var = "some text" + request.user
And I got an error message telling me I couldn't concatenate an str to a SimpleLazyObject. At this point the lazy loading logic hasn't got a real User object yet.
To bypass the lazy loading, hence return a non-cache view for authenticated users, I just needed to access some method or attribute to triggers an actual query on the User object. I ended up with this, which I think it's the simplest way:
bypass_lazyload = request.user.is_authenticated()
My conditional_cache decorator is no longer needed, although it was an interesting exercise.
I may not need to do this when I finish working with my views as I'll access some user methods and attributes on my templates anyway but it's good to know what was going on.
Regards.
As per the title...
Is there a way I can force a particular view (actually a particular JSON-formatted set of results, that will be served to Ajax queries) NEVER to cache in Django?
Thanks!
To be sure, decorate it with #never_cache:
from django.views.decorators.cache import never_cache
#never_cache
def myview(request):
# ...
As in The per-view cache documentation.
Django does not cache views unless you specify a per-view cache.
If you have problems with (cached) Ajax responses, try to add a timestamp to your URL:
e.g. /my_view?ts=23432453453
So you can be sure that your browser does not cache the Ajax responses.
I have a number of sites under one Django application that I would like to implement site wide caching on. However it is proving to be a real hassle.
what happens is that settings.CACHE_MIDDLEWARE_KEY_PREFIX is set once on startup, and I cannot go ahead and change it depending on what the current site is. As a result if a page of url http://website1.com/abc/ is cached then http://website2.com/abc/ renders the cached version of http://website1.com/abc/. Both these websites are running on the same Django instance as this is what Django Sites appears to allow us to do.
Is this an incorrect approach? Because I cannot dynamically set CACHE_MIDDLEWARE_KEY_PREFIX during runtime I am unable to cache multiple sites using Django's Site wide caching. I also am unable to do this for template and view caching.
I get the impression that the way this really needs to be setup is that each site needs its own Django instance which is pretty much identical except for the settings file, which in my case will differ only by the value of CACHE_MIDDLEWARE_KEY_PREFIX. These Django instances all read and write to the same database. This concerns me as it could create a number of new issues.
Am I going down the right track or am I mistaken about how multi site architecture needs to work? I have checked the Django docs and there is not real mention of how to handle caching (that isn't low level caching) for Django applications that serve multiple sites.
(Disclaimer: the following is purely speculation and has not been tested. Consume with a pinch of salt.)
It might be possible to use the vary_on_headers view decorator to include the 'Host' header in the cache key. That should result in cache keys that include the HTTP Host header, thus effectively isolating the caches for your sites.
#vary_on_headers('Host')
def my_view(request):
# ....
Of course, that will only work on a per-view basis, and having to add a decorator to all views can be a big hassle.
Digging into the source of #vary_on_headers reveals the use of patch_vary_headers() which one might be able to use in a middleware to apply the same behaviour on a site level. Something along the lines of:
from django.utils.cache import patch_vary_headers
class VaryByHostMiddleware(object):
def process_response(self, request, response):
patch_vary_headers(response, ('Host',))
return response
I faced this problem recently. What I did based on the documentation was to create a custom method to add the site id to the key used to cache the view.
In settings.py add the KEY_FUNCTION argument:
CACHES = {
'default': {
'BACKEND': 'path.to.backend',
'LOCATION': 'path.to.location',
'TIMEOUT': 60,
'KEY_FUNCTION': 'path.to.custom.make_key_per_site',
'OPTIONS': {
'MAX_ENTRIES': 1000
}
}
}
And my custom make_key method:
def make_key_per_site(key, key_prefix, version):
site_id = ''
try:
site = get_current_site() # Whatever you use to get your site's data
site_id = site['id']
except:
pass
return ':'.join([key_prefix, site_id, str(version), key])
You need to change get_full_path to build_absolute_uri in django.util.cache
def _generate_cache_header_key(key_prefix, request):
"""Returns a cache key for the header cache."""
#path = md5_constructor(iri_to_uri(request.get_full_path()))
path = md5_constructor(iri_to_uri(request.build_absolute_uri())) # patch using full path
cache_key = 'views.decorators.cache.cache_header.%s.%s' % (
key_prefix, path.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
def _generate_cache_key(request, method, headerlist, key_prefix):
"""Returns a cache key from the headers given in the header list."""
ctx = md5_constructor()
for header in headerlist:
value = request.META.get(header, None)
if value is not None:
ctx.update(value)
#path = md5_constructor(iri_to_uri(request.get_full_path()))
path = md5_constructor(iri_to_uri(request.build_absolute_uri()))
cache_key = 'views.decorators.cache.cache_page.%s.%s.%s.%s' % (
key_prefix, request.method, path.hexdigest(), ctx.hexdigest())
return _i18n_cache_key_suffix(request, cache_key)
Or create you own slightly changed cache middleware for multisite.
http://macrotoma.blogspot.com/2012/06/custom-multisite-caching-on-django.html
The django csrf middleware can't be disabled. I've commented it out from my Middleware of my project but my logins are failing due to missing CSRF issues. I'm working from the Django trunk. How can CSRF cause issues if it is not enabled in middleware?
I have to disable it because there are lots of POST requests on my site that CSRF just breaks. Any feedback on how I can completely disable CSRF in a django trunk project?
The "new' CSRF framework from Django's trunk is also breaking an external site that is coming in and doing a POST on a URL I'm giving them (this is part of a restful API.) I can't disable the CSRF framework as I said earlier, how can I fix this?
Yes, Django csrf framework can be disabled.
To manually exclude a view function from being handled by any CSRF middleware, you can use the csrf_exempt decorator, found in the django.views.decorators.csrf module. For example: (see doc)
from django.views.decorators.csrf import csrf_exempt
#csrf_exempt
def my_view:
return Httpresponse("hello world")
..and then remove {% csrf_token %} inside the forms from your template,or leave other things unchanged if you have not included it in your forms.
You can disable this in middleware.
In your settings.py add a line to MIDDLEWARE_CLASSES:
MIDDLEWARE_CLASSES = (
myapp.disable.DisableCSRF,
)
Create a disable.py in myapp with the following
class DisableCSRF(object):
def process_request(self, request):
setattr(request, '_dont_enforce_csrf_checks', True)
Basically if you set the _dont_enforce_csrf_checks in your request, you should be ok.
See answers below this for a better solution. Since I wrote this, a lot has changed. There are now better ways to disable CSRF.
I feel your pain. It's not acceptable for a framework to change such fundamental functionality. Even if I want to start using this from now on, I have legacy sites on the same machine sharing a copy of django. Changes like this should require major version number revisions. 1.x --> 2.x.
Anyway, to fix it I just commented it out and have stopped updating Django as often.
File: django/middleware/csrf.py
Around line 160:
# check incoming token
# request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
# if request_csrf_token != csrf_token:
# if cookie_is_new:
# # probably a problem setting the CSRF cookie
# return reject("CSRF cookie not set.")
# else:
# return reject("CSRF token missing or incorrect.")
In general, you shouldn't be disabling CSRF protection, since doing so opens up security holes. If you insist, though…
A new way of doing CSRF protection landed in trunk just recently. Is your site by chance still configured to do it the old way? Here are the docs for The New Way™ and here are the docs for The Old Way™.
I simply tried removing the references to csrf middleware classes from my settings.py, it worked. Not sure if this is acceptable. Any comments?
Below two lines were removed -
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfResponseMiddleware',
my django version is 1.11. the middleware should be like this:
from django.utils.deprecation import MiddlewareMixin
class DisableCSRF(MiddlewareMixin):
def process_request(self, request):
setattr(request, '_dont_enforce_csrf_checks', True)