#28155: Security system checks do not ignore MIDDLEWARE_CLASSES when MIDDLEWARE is defined
------------------------------------------------+------------------------
               Reporter:  Pritam Baral          |          Owner:  nobody
                   Type:  Bug                   |         Status:  new
              Component:  Core (System checks)  |        Version:  1.11
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  1
                  UI/UX:  0                     |
------------------------------------------------+------------------------
 `1_10.W001` says "Since you've set MIDDLEWARE, the value of
 MIDDLEWARE_CLASSES is ignored"

 But security system checks for session and csrf middleware check for
 `MIDDLEWARE_CLASSES` first and only if that fails do they check for
 `MIDDLEWARE`, contrary to what the compatibility system checks say.

 The issue is compounded by the fact that `global_settings.py` defines
 `MIDDLEWARE_CLASSES` to contain two middlewares (one of which is csrf). So
 to disable csrf, one not only has to define `MIDDLEWARE` without including
 the csrf middleware in it, one also has to override and set
 `MIDDLEWARE_CLASSES = []`. At which point, the compatibility system check
 `1_10.W001` fires up.

--
Ticket URL: <https://code.djangoproject.com/ticket/28155>
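
The lookup order described in this ticket, modelled as an added example (it is not Django's code and not part of the original report). The settings dictionary, the function names, and the `w001_fires` trigger condition are assumptions made for illustration; the sample middleware lists are constructed.

```python
CSRF = "django.middleware.csrf.CsrfViewMiddleware"
SESSION = "django.contrib.sessions.middleware.SessionMiddleware"

# Constructed stand-in for the defaults the ticket describes: MIDDLEWARE unset,
# MIDDLEWARE_CLASSES holding two entries, one of them the CSRF middleware.
DEFAULTS = {
    "MIDDLEWARE": None,
    "MIDDLEWARE_CLASSES": ["django.middleware.common.CommonMiddleware", CSRF],
}


def resolve(overrides):
    """Merge a project's overrides onto the defaults (hypothetical helper)."""
    merged = dict(DEFAULTS)
    merged.update(overrides)
    return merged


def csrf_seen_reported(overrides):
    """Lookup order from the ticket: MIDDLEWARE_CLASSES first, then MIDDLEWARE."""
    s = resolve(overrides)
    if CSRF in s["MIDDLEWARE_CLASSES"]:
        return True
    return CSRF in (s["MIDDLEWARE"] or [])


def csrf_seen_consistent(overrides):
    """Lookup order matching 1_10.W001: a set MIDDLEWARE wins outright."""
    s = resolve(overrides)
    if s["MIDDLEWARE"] is not None:
        return CSRF in s["MIDDLEWARE"]
    return CSRF in s["MIDDLEWARE_CLASSES"]


def w001_fires(overrides):
    """Assumed trigger: the project sets both settings explicitly."""
    return overrides.get("MIDDLEWARE") is not None and "MIDDLEWARE_CLASSES" in overrides


def report(overrides):
    return {
        "reported": csrf_seen_reported(overrides),
        "consistent": csrf_seen_consistent(overrides),
        "w001": w001_fires(overrides),
    }


if __name__ == "__main__":
    for o in ({}, {"MIDDLEWARE": [SESSION]},
              {"MIDDLEWARE": [SESSION], "MIDDLEWARE_CLASSES": []}):
        print(o, report(o))
```

The second scenario is the one to watch when auditing a project: the reported lookup order sees the CSRF middleware through the default `MIDDLEWARE_CLASSES` even though the `MIDDLEWARE` list in effect does not contain it.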