Fixed #27344 -- Made ConditionalGetMiddleware only process GET requests.

tests/middleware/tests.py

@@ -629,6 +629,31 @@ class ConditionalGetMiddlewareTest(SimpleTestCase):
         self.assertEqual(new_response.cookies, self.resp.cookies)
         self.assertNotIn('Content-Language', new_response)
 
+    def test_no_unsafe(self):
+        """
+        ConditionalGetMiddleware shouldn't return a conditional response on an
+        unsafe request. A response has already been generated by the time
+        ConditionalGetMiddleware is called, so it's too late to return a 412
+        Precondition Failed.
+        """
+        get_response = ConditionalGetMiddleware().process_response(self.req, self.resp)
+        etag = get_response['ETag']
+        put_request = RequestFactory().put('/', HTTP_IF_MATCH=etag)
+        put_response = HttpResponse(status=200)
+        conditional_get_response = ConditionalGetMiddleware().process_response(put_request, put_response)
+        self.assertEqual(conditional_get_response.status_code, 200)  # should never be a 412
+
+    def test_no_head(self):
+        """
+        ConditionalGetMiddleware shouldn't compute and return an ETag on a
+        HEAD request since it can't do so accurately without access to the
+        response body of the corresponding GET.
+        """
+        request = RequestFactory().head('/')
+        response = HttpResponse(status=200)
+        conditional_get_response = ConditionalGetMiddleware().process_response(request, response)
+        self.assertNotIn('ETag', conditional_get_response)
+
 
 class XFrameOptionsMiddlewareTest(SimpleTestCase):
     """