#34742: calling a DELETE endpoint without a trailing slash does not thow
RuntimeError in DEBUG mode
-------------------------------------------+------------------------
Reporter: pwnage101 | Owner: (none)
Type: Bug | Status: new
Component: Error reporting | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
Current situation:
If DEBUG mode is enabled, and APPEND_SLASH is set to True, calling a
standard DRF-generated POST, PUT, or Patch endpoint without a trailing
slash will result in itentionally raising a RuntimeError in order to warn
developers that callers must be re-written to include a trailing slash or
else it the 301 redirect will convert the request into a GET and clear the
request payload:
https://github.com/pwnage101/django/blob/fbac2a4dd846b52c4f379eacb5bab654fe9540cc/django/middleware/common.py#L86
The problem:
The linked code doesn't also do the same for DELETE, so DELETE calls
missing trailing slashes are silently converted to GET calls in
development environments which could result in uncaught bugs in
production.
I proposed a simple fix: https://github.com/django/django/pull/17072/files
--
Ticket URL: <https://code.djangoproject.com/ticket/34742>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701898f0ac1a5-f7a15895-e79c-4be2-a730-926d3d40e8a9-000000%40eu-central-1.amazonses.com.
