Fixed #16384: warn against accessing request.POST/REQUEST in middleware.
Thanks, Tom Christie. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16734 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
d036b87126
commit
0b174ccf0e
1
AUTHORS
1
AUTHORS
|
@ -120,6 +120,7 @@ answer newbie questions, and generally made Django that much better:
|
|||
Sengtha Chay <sengtha@e-khmer.com>
|
||||
ivan.chelubeev@gmail.com
|
||||
Bryan Chow <bryan at verdjn dot com>
|
||||
Tom Christie <tom@tomchristie.com>
|
||||
Antonis Christofides <anthony@itia.ntua.gr>
|
||||
Michal Chruszcz <troll@pld-linux.org>
|
||||
Can Burak Çilingir <canburak@cs.bilgi.edu.tr>
|
||||
|
|
|
@ -238,6 +238,8 @@ could, for example, use custom handlers to enforce user-level quotas, compress
|
|||
data on the fly, render progress bars, and even send data to another storage
|
||||
location directly without storing it locally.
|
||||
|
||||
.. _modifying_upload_handlers_on_the_fly:
|
||||
|
||||
Modifying upload handlers on the fly
|
||||
------------------------------------
|
||||
|
||||
|
|
|
@ -97,6 +97,21 @@ calling ANY other request, view or exception middleware, or the appropriate
|
|||
view; it'll return that :class:`~django.http.HttpResponse`. Response
|
||||
middleware is always called on every response.
|
||||
|
||||
.. note::
|
||||
Accessing :attr:`request.POST <django.http.HttpRequest.POST>` or
|
||||
:attr:`request.REQUEST <django.http.HttpRequest.REQUEST>` inside
|
||||
middleware from ``process_request`` or ``process_view`` will prevent any
|
||||
view running after the middleware from being able to
|
||||
:ref:`modify the upload handlers for the
|
||||
request <modifying_upload_handlers_on_the_fly>`, and should normally be
|
||||
avoided.
|
||||
|
||||
The :class:`~django.middleware.csrf.CsrfViewMiddleware` class can be
|
||||
considered an exception, as it provides the
|
||||
:func:`~django.views.decorators.csrf.csrf_exempt` and
|
||||
:func:`~django.views.decorators.csrf.csrf_protect` decorators which allow
|
||||
views to explicitly control at what point the CSRF validation should occur.
|
||||
|
||||
.. _template-response-middleware:
|
||||
|
||||
``process_template_response``
|
||||
|
|
Loading…
Reference in New Issue