django1/django/middleware/http.py

from django.utils.http import http_date

class ConditionalGetMiddleware(object):
    """
    Handles conditional GET operations. If the response has a ETag or
    Last-Modified header, and the request has If-None-Match or
    If-Modified-Since, the response is replaced by an HttpNotModified.

    Also sets the Date and Content-Length response-headers.
    """
    def process_response(self, request, response):
        response['Date'] = http_date()
        if not response.has_header('Content-Length'):
            response['Content-Length'] = str(len(response.content))

        if response.has_header('ETag'):
            if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None)
            if if_none_match == response['ETag']:
                # Setting the status is enough here. The response handling path
                # automatically removes content for this status code (in
                # http.conditional_content_removal()).
                response.status_code = 304

        if response.has_header('Last-Modified'):
            if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None)
            if if_modified_since == response['Last-Modified']:
                # Setting the status code is enough here (same reasons as
                # above).
                response.status_code = 304

        return response

class SetRemoteAddrFromForwardedFor(object):
    """
    Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the
    latter is set. This is useful if you're sitting behind a reverse proxy that
    causes each request's REMOTE_ADDR to be set to 127.0.0.1.

    Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind
    a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use
    this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and
    because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means
    anybody can "fake" their IP address. Only use this when you can absolutely
    trust the value of HTTP_X_FORWARDED_FOR.
    """
    def process_request(self, request):
        try:
            real_ip = request.META['HTTP_X_FORWARDED_FOR']
        except KeyError:
            return None
        else:
            # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs. The
            # client's IP will be the first one.
            real_ip = real_ip.split(",")[0].strip()
            request.META['REMOTE_ADDR'] = real_ip
Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-10-31 11:59:40 +08:00			`from django.utils.http import http_date`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00
Fixed #2109 -- Convert old-style classes to new-style classes throughout Django. Thanks, Nicola Larosa git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-06-08 13:00:13 +08:00			`class ConditionalGetMiddleware(object):`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00			`"""`
			`Handles conditional GET operations. If the response has a ETag or`
			`Last-Modified header, and the request has If-None-Match or`
			`If-Modified-Since, the response is replaced by an HttpNotModified.`

			`Also sets the Date and Content-Length response-headers.`
			`"""`
			`def process_response(self, request, response):`
Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-10-31 11:59:40 +08:00			`response['Date'] = http_date()`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00			`if not response.has_header('Content-Length'):`
			`response['Content-Length'] = str(len(response.content))`

			`if response.has_header('ETag'):`
			`if_none_match = request.META.get('HTTP_IF_NONE_MATCH', None)`
			`if if_none_match == response['ETag']:`
Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. We now have automatic HEAD processing always (previously required ConditionalGetMiddleware), middleware benefits from the Location header rewrite, so they can use relative URLs as well, and responses with response codes 1xx, 204 or 304 will always have their content removed, in accordance with the HTTP spec (so it's much harder to indavertently deliver invalid responses). Based on a patch and diagnosis from regexbot@gmail.com. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6662 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-11-11 11:55:44 +08:00			`# Setting the status is enough here. The response handling path`
			`# automatically removes content for this status code (in`
			`# http.conditional_content_removal()).`
Fixed #7046 -- set the response status code correctly in ConditionalGetMiddleware. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7793 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-30 15:03:58 +08:00			`response.status_code = 304`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00
			`if response.has_header('Last-Modified'):`
			`if_modified_since = request.META.get('HTTP_IF_MODIFIED_SINCE', None)`
			`if if_modified_since == response['Last-Modified']:`
Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. We now have automatic HEAD processing always (previously required ConditionalGetMiddleware), middleware benefits from the Location header rewrite, so they can use relative URLs as well, and responses with response codes 1xx, 204 or 304 will always have their content removed, in accordance with the HTTP spec (so it's much harder to indavertently deliver invalid responses). Based on a patch and diagnosis from regexbot@gmail.com. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6662 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-11-11 11:55:44 +08:00			`# Setting the status code is enough here (same reasons as`
			`# above).`
Fixed #7046 -- set the response status code correctly in ConditionalGetMiddleware. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7793 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-30 15:03:58 +08:00			`response.status_code = 304`
Fixed #580 -- Added mega support for generating Vary headers, including some view decorators, and changed the CacheMiddleware to account for the Vary header. Also added GZipMiddleware and ConditionalGetMiddleware, which are no longer handled by CacheMiddleware itself. Also updated the cache.txt and middleware.txt docs. Thanks to Hugo and Sune for the excellent patches git-svn-id: http://code.djangoproject.com/svn/django/trunk@810 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-10-09 08:55:08 +08:00
			`return response`
Fixed #2552 -- Added SetRemoteAddrFromForwardedFor middleware and documentation. Thanks, Ian Holsman git-svn-id: http://code.djangoproject.com/svn/django/trunk@3602 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-18 11:12:36 +08:00
			`class SetRemoteAddrFromForwardedFor(object):`
			`"""`
			`Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the`
			`latter is set. This is useful if you're sitting behind a reverse proxy that`
			`causes each request's REMOTE_ADDR to be set to 127.0.0.1.`

			`Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind`
			`a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use`
			`this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and`
			`because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means`
			`anybody can "fake" their IP address. Only use this when you can absolutely`
			`trust the value of HTTP_X_FORWARDED_FOR.`
			`"""`
			`def process_request(self, request):`
			`try:`
			`real_ip = request.META['HTTP_X_FORWARDED_FOR']`
			`except KeyError:`
			`return None`
			`else:`
Fixed #3872, which turns out to not have been a bug in the first place, by reverting [6364]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6397 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-21 01:03:14 +08:00			`# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs. The`
			`# client's IP will be the first one.`
			`real_ip = real_ip.split(",")[0].strip()`
Fixed #2552 -- Added SetRemoteAddrFromForwardedFor middleware and documentation. Thanks, Ian Holsman git-svn-id: http://code.djangoproject.com/svn/django/trunk@3602 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-18 11:12:36 +08:00			`request.META['REMOTE_ADDR'] = real_ip`