From a433a204e29ef70c54c39da35372ddb995735353 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laura=20Kl=C3=BCnder?= <laura@codingcatgirl.de>
Date: Sat, 28 Oct 2017 14:16:58 +0200
Subject: [PATCH] remove etag from API HTML view (because it shows the
 username)

---
 src/c3nav/api/middleware.py | 12 ++++++++++++
 src/c3nav/settings.py       |  1 +
 2 files changed, 13 insertions(+)
 create mode 100644 src/c3nav/api/middleware.py

diff --git a/src/c3nav/api/middleware.py b/src/c3nav/api/middleware.py
new file mode 100644
index 00000000..0f0548dd
--- /dev/null
+++ b/src/c3nav/api/middleware.py
@@ -0,0 +1,12 @@
+class RemoveEtagFromHTMLApiViewMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        if request.path.startswith('/api/'):
+            if response['content-type'].startswith('text/html') and response.has_header('etag'):
+                del response['etag']
+
+        return response
diff --git a/src/c3nav/settings.py b/src/c3nav/settings.py
index 48b1aaf7..2852a514 100644
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@@ -193,6 +193,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'c3nav.api.middleware.RemoveEtagFromHTMLApiViewMiddleware'
 ]
 
 with suppress(ImportError):