Commits

Jesper Nøhr committed c2b087f

must vary on auth-header for oauth, adding simpler test to catch regression deletion cache bug

Comments (0)

Files changed (1)

piston/resource.py

 from django.http import HttpResponse, Http404, HttpResponseNotAllowed, HttpResponseForbidden
+from django.views.decorators.vary import vary_on_headers
 from emitters import Emitter
 from handler import typemapper
 from utils import coerce_put_post, FormValidationError
         else:
             self.authentication = authentication
     
+    @vary_on_headers('Authorization')
     def __call__(self, request, *args, **kwargs):
+        """
+        NB: Sends a `Vary` header so we don't cache requests
+        that are different (OAuth stuff in `Authorization` header.)
+        """
         if not self.authentication.is_authenticated(request):
             return self.authentication.challenge()