From 0b5b7d49706b19c29f769f24e56bc6410e6bc29c Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Date: Fri, 12 Dec 2025 13:39:54 +0200
Subject: [PATCH 1/3] Cache different versions of /downloads for Django users

---
 config/nginx.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config/nginx.conf b/config/nginx.conf
index 420fcd8af..f58a7a5ff 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -347,7 +347,6 @@ http {
                         proxy_redirect off;
                         add_header Cache-Control "max-age=604800, public";
                         add_header Surrogate-Control "max-age=604800, stale-if-error=3600, stale-while-revalidate=300";
-                        proxy_hide_header Vary;
                         proxy_pass http://app_server/downloads/;
                 }
 

From feb168bbf7bab8602658bac7598abea6c52dee6e Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Date: Wed, 17 Dec 2025 18:58:07 +0200
Subject: [PATCH 2/3] Revert "Cache different versions of /downloads for Django
 users"

This reverts commit 97046f217419e21f91f8b8306474c99b97fd8d33.
---
 config/nginx.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/nginx.conf b/config/nginx.conf
index f58a7a5ff..420fcd8af 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -347,6 +347,7 @@ http {
                         proxy_redirect off;
                         add_header Cache-Control "max-age=604800, public";
                         add_header Surrogate-Control "max-age=604800, stale-if-error=3600, stale-while-revalidate=300";
+                        proxy_hide_header Vary;
                         proxy_pass http://app_server/downloads/;
                 }
 

From 8e1b6564bbac740b190a524235581e9c41b3c6db Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Date: Wed, 17 Dec 2025 19:18:27 +0200
Subject: [PATCH 3/3] Use an endpoint for the release edit button that's only
 rendered for staff users

---
 downloads/views.py                           | 14 ++++++++++++++
 pydotorg/urls.py                             |  2 ++
 templates/downloads/release_detail.html      |  4 +---
 templates/downloads/release_edit_button.html |  3 +++
 4 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 templates/downloads/release_edit_button.html

diff --git a/downloads/views.py b/downloads/views.py
index 41e8839ff..a5f049984 100644
--- a/downloads/views.py
+++ b/downloads/views.py
@@ -267,3 +267,17 @@ def item_pubdate(self, item: Release) -> datetime | None:
                 return timezone.make_aware(item.release_date)
             return item.release_date
         return None
+
+
+class ReleaseEditButton(TemplateView):
+    """Render the release edit button (shown only to staff users).
+
+    This endpoint is not cached, allowing the edit button to appear
+    for staff users even when the release page itself is cached.
+    """
+    template_name = "downloads/release_edit_button.html"
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["release_pk"] = self.kwargs["pk"]
+        return context
diff --git a/pydotorg/urls.py b/pydotorg/urls.py
index 06da1ecb8..be51ab09a 100644
--- a/pydotorg/urls.py
+++ b/pydotorg/urls.py
@@ -8,6 +8,7 @@
 from django.conf import settings
 
 from cms.views import custom_404
+from downloads.views import ReleaseEditButton
 from users.views import HoneypotSignupView, CustomPasswordChangeView
 
 from . import views, urls_api
@@ -19,6 +20,7 @@
     path('', views.IndexView.as_view(), name='home'),
     re_path(r'^_health/?', views.health, name='health'),
     path('authenticated', views.AuthenticatedView.as_view(), name='authenticated'),
+    path('release-edit-button/<int:pk>', ReleaseEditButton.as_view(), name='release_edit_button'),
     path('humans.txt', TemplateView.as_view(template_name='humans.txt', content_type='text/plain')),
     path('robots.txt', TemplateView.as_view(template_name='robots.txt', content_type='text/plain')),
     path('funding.json', views.serve_funding_json, name='funding_json'),
diff --git a/templates/downloads/release_detail.html b/templates/downloads/release_detail.html
index a41393711..e57bcec2b 100644
--- a/templates/downloads/release_detail.html
+++ b/templates/downloads/release_detail.html
@@ -22,9 +22,7 @@
 
 {% block content %}
     <article class="text">
-        {% if request.user.is_staff %}
-        <a role="button" class="button" href="{% url 'admin:downloads_release_change' release.pk %}">Edit this release</a>
-        {% endif %}
+        <span data-html-include="{% url 'release_edit_button' release.pk %}"></span>
 
         <header class="article-header">
             <h1 class="page-title">{{ release.name }}</h1>
diff --git a/templates/downloads/release_edit_button.html b/templates/downloads/release_edit_button.html
new file mode 100644
index 000000000..38e45c0b0
--- /dev/null
+++ b/templates/downloads/release_edit_button.html
@@ -0,0 +1,3 @@
+{% if request.user.is_staff %}
+<a role="button" class="button" href="{% url 'admin:downloads_release_change' release_pk %}">Edit this release</a>
+{% endif %}