Fixed #13008 -- Added more Cache-Control headers to never_cache() decorator.

2025-08-04 02:48:35 +00:00 · 2015-04-27 23:56:02 +02:00 · 2015-04-27 23:56:02 +02:00 · 4a438e400b
commit 4a438e400b
parent 82162b4499
7 changed files with 45 additions and 3 deletions
--- a/docs/ref/contrib/admin/index.txt
+++ b/docs/ref/contrib/admin/index.txt
@ -1474,7 +1474,7 @@ templates used by the :class:`ModelAdmin` views:
        url(r'^my_view/$', self.admin_site.admin_view(self.my_view))

    This wrapping will protect ``self.my_view`` from unauthorized access and
-    will apply the ``django.views.decorators.cache.never_cache`` decorator to
+    will apply the :func:`django.views.decorators.cache.never_cache` decorator to
    make sure it is not cached if the cache middleware is active.

    If the page is cacheable, but you still want the permission check to be
--- a/docs/ref/utils.txt
+++ b/docs/ref/utils.txt
@ -65,7 +65,13 @@ need to distinguish caches by the ``Accept-language`` header.

 .. function:: add_never_cache_headers(response)

-    Adds headers to a response to indicate that a page should never be cached.
+    Adds a ``Cache-Control: max-age=0, no-cache, no-store, must-revalidate``
+    header to a response to indicate that a page should never be cached.
+
+    .. versionchanged:: 1.9
+
+        Before Django 1.9, ``Cache-Control: max-age=0`` was sent. This didn't
+        reliably prevent caching in all browsers.

 .. function:: patch_vary_headers(response, newheaders)