Unwanted Cloudflare caching of invoice previews #51

Open
opened 2024-11-25 14:38:05 -05:00 by adam.goldsmith · 0 comments

For whatever reason, Cloudflare is caching event invoice previews as non-private, so that an unauthenticated user can see the contents. Unauthenticated user must know the event id, and make the request within the cache ttl after an authenticated user requests the preview. Not sure if this is Cloudflare not respecting cache-control, or Django not setting it correctly.

For whatever reason, Cloudflare is caching event invoice previews as non-private, so that an unauthenticated user can see the contents. Unauthenticated user must know the event id, and make the request within the cache ttl after an authenticated user requests the preview. Not sure if this is Cloudflare not respecting cache-control, or Django not setting it correctly.
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: CMS/cmsmanage#51
No description provided.