#27344: ConditionalGetMiddleware should not operate on unsafe requests
     Reporter:  Kevin Christopher Henry  |      Owner:  nobody
         Type:  Uncategorized            |     Status:  assigned
    Component:  HTTP handling            |    Version:  1.10
     Severity:  Normal                   |   Keywords:
 Triage Stage:  Unreviewed               |  Has patch:  0
Easy pickings:  0                        |      UI/UX:  0
 With unsafe methods (`PUT`, etc.) the appropriate conditional response
 would be a 412 Precondition Failed response, which should prevent the
 request from being carried out. But by definition
 `ConditionalGetMiddleware` acts after the response has been generated, so
 it’s too late. The PR below includes a regression test where the
 middleware inappropriately changes the response to a 412 after applying
 the unsafe operation.

Ticket URL: <https://code.djangoproject.com/ticket/27344>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to