Touch point: documentcloud/documents/decorators.py:27-43.
anonymous_cache_control wraps with vary_on_cookie. Every cookie variation (analytics _ga, Cloudflare's __cf_bm, etc.) fragments the
CDN cache. For anonymous public-document responses, the cookie value doesn't pivot the response — drop the Vary: Cookie and/or replace it with Vary: Authorization.
If vary_on_cookie is needed for the authenticated branch, gate it behind the request.user.is_authenticated check rather than applying it unconditionally.
Touch point:
documentcloud/documents/decorators.py:27-43.anonymous_cache_controlwraps withvary_on_cookie. Every cookie variation (analytics_ga, Cloudflare's__cf_bm, etc.) fragments theCDN cache. For anonymous public-document responses, the cookie value doesn't pivot the response — drop the
Vary: Cookieand/or replace it withVary: Authorization.If
vary_on_cookieis needed for the authenticated branch, gate it behind therequest.user.is_authenticatedcheck rather than applying it unconditionally.