Module: check_mk
Branch: master
Commit: e9b329e788b1ff135b94e9ee15ee6b571f1cbe97
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e9b329e788b1ff…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jul 13 14:31:21 2015 +0200
#2459 FIX Preventing caching of all HTTP requests to dynamic pages (*.py)
Especially when opening Check_MK GUI using some kind of proxy or traffic
optimizer it might have happened that those devices were serving cached
(outdated) pages to the user. This was done because the Check_MK GUI
did not set the HTTP headers correctly (when using form based authentication).
This has been fixed now by always setting "Cache-Control: no-cache" for
all dynamic created pages.
---
.werks/2459 | 15 +++++++++++++++
ChangeLog | 1 +
web/htdocs/html_mod_python.py | 10 ++++++----
web/htdocs/index.py | 4 ++++
web/htdocs/main.py | 4 ----
5 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/.werks/2459 b/.werks/2459
new file mode 100644
index 0000000..b9a7e37
--- /dev/null
+++ b/.werks/2459
@@ -0,0 +1,15 @@
+Title: Preventing caching of all HTTP requests to dynamic pages (*.py)
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1436790538
+
+Especially when opening Check_MK GUI using some kind of proxy or traffic
+optimizer it might have happened that those devices were serving cached
+ (outdated) pages to the user. This was done because the Check_MK GUI
+did not set the HTTP headers correctly (when using form based authentication).
+This has been fixed now by always setting "Cache-Control: no-cache" for
+all dynamic created pages.
diff --git a/ChangeLog b/ChangeLog
index 7ff1e43..9745555 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,7 @@
* 2393 FIX: Fixed exception "user_confdir" not set in case of exceptions
during login
* 1263 FIX: Fixed handling of urls in views...
* 2396 FIX: LDAP: Fixed handling of LDAP trees having special chars in the path (e.g.
in OU names)...
+ * 2459 FIX: Preventing caching of all HTTP requests to dynamic pages (*.py)...
WATO:
* 2365 Removed old deprecated notification global options for plain emails...
diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py
index 6a0c6f5..94df0f8 100644
--- a/web/htdocs/html_mod_python.py
+++ b/web/htdocs/html_mod_python.py
@@ -80,11 +80,9 @@ class html_mod_python(htmllib.html):
c.expires = expires
if not self.req.headers_out.has_key("Set-Cookie"):
- self.req.headers_out.add("Cache-Control",
'no-cache="set-cookie"')
- self.req.err_headers_out.add("Cache-Control",
'no-cache="set-cookie"')
+ self.set_http_header("Cache-Control",
'no-cache="set-cookie"')
- self.req.headers_out.add("Set-Cookie", str(c))
- self.req.err_headers_out.add("Set-Cookie", str(c))
+ self.set_http_header("Set-Cookie", str(c))
def del_cookie(self, varname):
self.set_cookie(varname, '', time.time() - 60)
@@ -159,6 +157,10 @@ class html_mod_python(htmllib.html):
# Needs to set both, headers_out and err_headers_out to be sure to send
# the header on all responses
+ #
+ # FIXME: err_headers_out are sent out when a HTTP error occures (which states are
treated as "errors"?)
+ # AND when no error occures. headers_out is sent out in case of HTTP 200 (only?).
This leads to duplicated
+ # HTTP headers in regular cases. Should be avoided - clean it up!
def set_http_header(self, key, val):
self.req.headers_out.add(key, val)
self.req.err_headers_out.add(key, val)
diff --git a/web/htdocs/index.py b/web/htdocs/index.py
index e411dd0..50b22f2 100644
--- a/web/htdocs/index.py
+++ b/web/htdocs/index.py
@@ -98,6 +98,10 @@ def handler(req, fields = None, profiling = True):
__builtin__.html = html
response_code = apache.OK
+ # Disable caching for all our pages as they are mostly dynamically generated,
+ # user related and are requred to be up-to-date on every refresh
+ html.set_http_header("Cache-Control", "no-cache")
+
try:
# Ajax-Functions want no HTML output in case of an error but
# just a plain server result code of 500
diff --git a/web/htdocs/main.py b/web/htdocs/main.py
index a89ad03..2ce6dd8 100644
--- a/web/htdocs/main.py
+++ b/web/htdocs/main.py
@@ -39,10 +39,6 @@ def page_index():
if start_url.startswith('javascript:'):
start_url = default_start_url
- # Do not cache the index page -> caching problems when page is accessed
- # while not logged in
- #html.req.headers_out.add("Cache-Control", "max-age=7200,
public");
- html.req.headers_out.add("Cache-Control", "no-cache");
if "%s" in config.page_heading:
heading = config.page_heading %
(config.site(defaults.omd_site).get('alias', _("Multisite")))
else: