From 4c6ffcf721b9a36b9b7e4730f4f4716cc90a5f02 Mon Sep 17 00:00:00 2001 From: Tai Lee Date: Wed, 31 Jul 2013 17:11:49 +1000 Subject: [PATCH] Fixed #20819 -- Return 404 instead of 500 error when ``staticfiles`` view is used in production. --- django/contrib/staticfiles/views.py | 5 +---- docs/ref/contrib/staticfiles.txt | 6 ++++++ docs/releases/1.7.txt | 8 ++++++++ tests/staticfiles_tests/tests.py | 3 +-- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/django/contrib/staticfiles/views.py b/django/contrib/staticfiles/views.py index f5c42fedf8..7ddc6a1bc2 100644 --- a/django/contrib/staticfiles/views.py +++ b/django/contrib/staticfiles/views.py @@ -11,7 +11,6 @@ except ImportError: # Python 2 from urllib import unquote from django.conf import settings -from django.core.exceptions import ImproperlyConfigured from django.http import Http404 from django.views import static @@ -31,9 +30,7 @@ def serve(request, path, insecure=False, **kwargs): It uses the django.views.static view to serve the found files. """ if not settings.DEBUG and not insecure: - raise ImproperlyConfigured("The staticfiles view can only be used in " - "debug mode or if the --insecure " - "option of 'runserver' is used") + raise Http404 normalized_path = posixpath.normpath(unquote(path)).lstrip('/') absolute_path = finders.find(normalized_path) if not absolute_path: diff --git a/docs/ref/contrib/staticfiles.txt b/docs/ref/contrib/staticfiles.txt index 678ab32a05..7b9a2048b5 100644 --- a/docs/ref/contrib/staticfiles.txt +++ b/docs/ref/contrib/staticfiles.txt @@ -350,6 +350,12 @@ This view function serves static files in development. **insecure**. This is only intended for local development, and should **never be used in production**. +.. versionchanged:: 1.7 + + Will now raise an :exc:`~django.http.Http404` exception instead of + :exc:`~from django.core.exceptions.ImproperlyConfigured` when + :setting:`DEBUG` is ``True``. + .. note:: To guess the served files' content types, this view relies on the diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 217fdff287..0d6a3fefdc 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -122,6 +122,14 @@ Miscellaneous * Loading empty fixtures emits a ``RuntimeWarning`` rather than raising :class:`~django.core.management.CommandError`. +* :view:`~django.contrib.staticfiles.views.serve` will now raise an + :exc:`~django.http.Http404` exception instead of + :exc:`~from django.core.exceptions.ImproperlyConfigured` when :setting:`DEBUG` + is ``True``. This change removes the need to conditionally add the view to + your root URLconf, which in turn makes it safe to reverse by name. It also + removes the ability for visitors to generate spurious HTTP 500 errors by + requesting static files that don't exist or haven't been collected yet. + Features deprecated in 1.7 ========================== diff --git a/tests/staticfiles_tests/tests.py b/tests/staticfiles_tests/tests.py index bb33c40423..7200037050 100644 --- a/tests/staticfiles_tests/tests.py +++ b/tests/staticfiles_tests/tests.py @@ -650,8 +650,7 @@ class TestServeDisabled(TestServeStatic): settings.DEBUG = False def test_disabled_serving(self): - six.assertRaisesRegex(self, ImproperlyConfigured, 'The staticfiles view ' - 'can only be used in debug mode ', self._response, 'test.txt') + self.assertFileNotFound('test.txt') class TestServeStaticWithDefaultURL(TestServeStatic, TestDefaults):