drf-extensions
Caching with CacheResponseMixin & BrowsableApiRenderer caches logged in user
I am not sure whether this is an issue or a misunderstanding on my part.
I am creating a cached viewset via
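    from rest_framework import viewsets
    from rest_framework_extensions.cache.mixins import CacheResponseMixin

    class MyViewSet(CacheResponseMixin, viewsets.ReadOnlyModelViewSet):
        queryset = MyModel.objects.filter(status__name="Public")
        serializer_class = MyModelSerializer
        ...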
If I am logged in as a user, the whole rendered response is being cached, including the logged in user rendered in the BrowsableApiRenderer. Thus anonymous users are also able to see the response containing the logged in user:
One possibility would be adding the UserKeyBit to the key constructor - however this would be overkill, since my API responses are independent of the user being logged in (as of now).
I was somehow assuming that not the whole response (including the request user) but only the DRF internal data response is being cached. Does anybody have any comments or hints for a general approach to caching and user management?
This extension indeed caches the whole response (HTML markup). I don't see any solution other than using UserKeyBit.
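The behaviour discussed in this thread, as an added example that is not part of the original issue and is not drf-extensions code: a standard-library model of a rendered-response cache whose key is built from selectable "bits", showing why a key without a user component serves one user's rendered page to anonymous visitors. The names `render`, `make_key`, `CachedView` and `leaks_username` are hypothetical stand-ins, and the sample path, data and username are constructed.

```python
import hashlib
import json


def render(data, fmt, user):
    """Stand-in renderer: the browsable 'api' format embeds the username, 'json' does not."""
    body = json.dumps(data)
    if fmt == "api":
        return f"<html><nav>{user or 'Log in'}</nav><pre>{body}</pre></html>"
    return body


def make_key(path, fmt, user, bits):
    """Hash only the selected request attributes (the 'key bits') into a cache key."""
    parts = {"path": path, "format": fmt, "user": user or "anonymous"}
    material = json.dumps({b: parts[b] for b in bits}, sort_keys=True)
    return hashlib.sha256(material.encode()).hexdigest()


class CachedView:
    """Caches the fully rendered response, as the thread describes."""

    def __init__(self, bits):
        self.bits = bits
        self.cache = {}

    def get(self, path, fmt, user=None):
        key = make_key(path, fmt, user, self.bits)
        if key not in self.cache:
            self.cache[key] = render({"items": [1, 2, 3]}, fmt, user)
        return self.cache[key]


def leaks_username(bits, username="alice"):
    """A logged-in user warms the cache, then an anonymous request hits the same URL."""
    view = CachedView(bits)
    view.get("/api/items/", "api", user=username)
    anonymous_page = view.get("/api/items/", "api", user=None)
    return username in anonymous_page


if __name__ == "__main__":
    print("key without user bit leaks:", leaks_username(("path", "format")))
    print("key with user bit leaks:   ", leaks_username(("path", "format", "user")))
```

The data payload is identical in both runs; only the rendered wrapper differs, which is why the leak appears in the browsable HTML rather than in the JSON body.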