drf-extensions

Caching with CacheResponseMixin & BrowsableApiRenderer caches logged in user

Open flinz opened this issue 8 years ago • 1 comments

I am not sure whether this is an issue or a misunderstanding on my part.

I am creating a cached viewset via

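from rest_framework import viewsets
from rest_framework_extensions.cache.mixins import CacheResponseMixin

class MyViewSet(CacheResponseMixin, viewsets.ReadOnlyModelViewSet):
    # List and detail responses are cached by the mixin
    queryset = MyModel.objects.filter(status__name="Public")
    serializer_class = MyModelSerializer
    ...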

If I am logged in as a user, the whole rendered response is being cached, including the logged-in user rendered in the BrowsableApiRenderer. Thus anonymous users are also able to see the response containing the logged-in user (screenshot: cachedlogin).

One possibility would be adding the UserKeyBit to the key constructor. However, this would be overkill, since my API responses are independent of the user being logged in (as of now).

I was somehow assuming that not the whole response (including the request user) but only the DRF internal data response is being cached. Does anybody have any comments or hints for a general approach to caching and user management?

flinz, May 10 '16 11:05

This extension indeed caches the whole response (HTML markup). I don't see any other solution than to use UserKeyBit.

SerhiyRomanov, Dec 15 '18 23:12
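
A stdlib-only model of the behaviour discussed in this thread, added here as an example (it is not code from the thread or from drf-extensions): a cache that stores the fully rendered page leaks the first requester's identity unless the cache key includes the user. `render`, `CachedView`, both key functions and the sample user `alice` are hypothetical names constructed for the illustration.

```python
# Stdlib-only model; it does not import DRF or drf-extensions.
# render(), CachedView and the key functions are hypothetical stand-ins.
import hashlib
import json


def render(data, user):
    """Stand-in for the browsable API renderer: the page embeds the requesting user."""
    who = user or "Log in"
    return f"<nav>{who}</nav><pre>{json.dumps(data)}</pre>"


def key_without_user(view, path, user):
    """Key built only from view and URL, as when no user bit is configured."""
    return hashlib.sha256(f"{view}|{path}".encode()).hexdigest()


def key_with_user(view, path, user):
    """Same key plus the user identity, the role UserKeyBit plays in the thread."""
    return hashlib.sha256(f"{view}|{path}|{user or 'anonymous'}".encode()).hexdigest()


class CachedView:
    """Caches the fully rendered response, not just the serializer data."""

    def __init__(self, key_func):
        self.key_func = key_func
        self.cache = {}

    def get(self, path, user=None):
        key = self.key_func("MyViewSet", path, user)
        if key not in self.cache:
            self.cache[key] = render({"status": "Public"}, user)
        return self.cache[key]


def leaked_to_anonymous(key_func, first_user="alice"):
    """True if an anonymous request receives markup rendered for first_user."""
    view = CachedView(key_func)
    view.get("/api/mymodel/", user=first_user)  # logged-in user warms the cache
    anonymous_page = view.get("/api/mymodel/")  # anonymous visitor, same URL
    return first_user in anonymous_page


if __name__ == "__main__":
    print("no user in key:", leaked_to_anonymous(key_without_user))
    print("user in key   :", leaked_to_anonymous(key_with_user))
```

The per-user key stops the leak at the cost of one cache entry per user, which is the trade-off the original poster calls overkill.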