Reputation: 135
django + varnish caching not being stored due to csrf tokens
I have a login form on my homepage. This is causing a csrf token to be set and this is meaning that my page is not being stored in the varnish cache.
How should I get around this?
Upvotes: 0
Views: 1069
Answers (1)
Reputation: 3372
You have two main courses: either give up using varnish to cache the page, or give up having a login form on the page. The CSRF token (which you don't want to lose) will prevent you from successfully caching the page in varnish; even if you take it into account, you're going to end up with a copy of the page for every single person visiting, which defeats the purpose of using varnish.
A solution halfway between the two is to cache the page without login form in varnish, and then insert the login form using Javascript. The main page will be cached, and you should be able to make the login form (pulled via AJAX) fast enough to not cause you problems. Another possible solution would involve putting the login form in an IFRAME, although that complicates matters yet further since you'd have to have something in the response to logging in which worked with Javascript in the main page (that included the IFRAME in the first place) to reload it suitably.
Upvotes: 3
Related Questions
- Why does Django caching cause CSRF violation and faulty template rendering?
- CSRF error when using a cached response
- Using Django's CSRF-protection on views cached by Varnish
- Django caching causes CSRF violations
- Correct way of setting up varnish for caching django sites
- Caching in Django: Redis + Django & Varnish
- Avoiding CSRF tokens
- Django can not delete csrftoken after logout
- Is Varnish compatible with Django Csrf protection?
- Why does Django not generate CSRF or Session Cookies behind a Varnish Proxy?