chibisov / drf-extensions

DRF-extensions is a collection of custom extensions for Django REST Framework
http://chibisov.github.io/drf-extensions/docs
MIT License

Caching with CacheResponseMixin & BrowsableApiRenderer caches logged in user #148

Open seeholza opened 8 years ago

seeholza commented 8 years ago

I am not sure whether this is an issue or a misunderstanding on my part.

I am creating a cached viewset via

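```python
from rest_framework import viewsets
from rest_framework_extensions.cache.mixins import CacheResponseMixin

# MyModel and MyModelSerializer are the project's own model and serializer
class MyViewSet(CacheResponseMixin, viewsets.ReadOnlyModelViewSet):
    queryset = MyModel.objects.filter(status__name="Public")
    serializer_class = MyModelSerializer
    ...
```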

If I am logged in as a user, the whole rendered response is being cached, including the logged-in user rendered in the BrowsableApiRenderer. Thus anonymous users are also able to see the response containing the logged-in user: [screenshot: cachedlogin]

One possibility would be adding the UserKeyBit to the key constructor - however this would be overkill, since my API responses are independent of the user being logged in (as of now).

I was somehow assuming that not the whole response (including the request user) but only the DRF internal data response is being cached. Does anybody have any comments or hints on a general approach to caching and user management?

SerhiyRomanov commented 5 years ago

This extension indeed caches the whole response (HTML markup). I don't see any other solution than to use UserKeyBit.
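
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not drf-extensions code: a toy response cache that stores the fully rendered body, plus a regression check that warms the cache as a logged-in user and then fetches anonymously. `render`, `CachedView`, both key functions and the user name `alice` are hypothetical stand-ins, and the cache key is assumed to contain only the path and the response format unless the user is added.

```python
# Toy model (constructed for illustration) of a cache that stores the fully
# rendered response body. It does not import or reproduce drf-extensions.

def render(fmt, user, data):
    """JSON output ignores the user; the HTML page shows who is logged in."""
    if fmt == "json":
        return '{"items": %d}' % data
    who = user or "Log in"
    return '<nav>%s</nav><pre>{"items": %d}</pre>' % (who, data)

def key_without_user(fmt, user, path):
    return (path, fmt)          # assumption: the user is not part of the key

def key_with_user(fmt, user, path):
    return (path, fmt, user)    # hypothetical stand-in for adding a user bit

class CachedView:
    def __init__(self, key_func):
        self.key_func = key_func
        self.cache = {}

    def get(self, path, fmt, user=None):
        key = self.key_func(fmt, user, path)
        if key not in self.cache:            # miss: render once and store
            self.cache[key] = render(fmt, user, data=3)
        return self.cache[key]               # hit: stored body, whoever asks

def leaks_identity(view, fmt, marker="alice"):
    """Warm the cache as a logged-in user, then request as anonymous."""
    view.get("/items/", fmt, user=marker)
    return marker in view.get("/items/", fmt, user=None)

def audit():
    """Run the leak check for each key function and response format."""
    results = {}
    for name, key_func in (("without_user", key_without_user),
                           ("with_user", key_with_user)):
        for fmt in ("html", "json"):
            results[(name, fmt)] = leaks_identity(CachedView(key_func), fmt)
    return results

if __name__ == "__main__":
    for case, leaked in audit().items():
        print(case, "LEAK" if leaked else "ok")
```

In this model only the HTML rendering leaks, because it is the only output that depends on the user; the same warm-then-fetch-anonymously check can be written as a test against a real cached endpoint.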