Re: Simplify middlewares (again) and get rid of process_view
Hi Florian, On 5/12/18 10:22 AM, Florian Apolloner wrote: > After refactoring the middlewares to new-style middlewares as we have them > now, I am left with two pain points: > > * atomic requests are still special cased and not in a middleware > * process_view is as useless as always (it can neither alter nor convert > args/kwargs or the view) > > To change this I am proposing the following changes: > > * Deprecate request.urlconf and provide a way to set the urlconf __before__ > the middleware chain is entered > * Resolve view before the middleware chain is entered I'm not sure this part is feasible. It's an intentional part of middleware design AFAIK (and useful) that middleware can modify request.path and have this modification respected in view resolution. Carl -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0c8e1164-931e-72a9-438c-c099fd7447ad%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
Re: Proposal: security enhancements
If anyone feels competent to review, there's a PR open now for the first part of this, adding Referrer-Policy support: https://github.com/django/django/pull/9953 -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAL13Cg_S%2Bt4s4JN3pRxQbsqbguGExnyiNn8sgHwSJFOO2HqAtQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Fellow Reports -- May 2018
Hi all, Calendar Week 18 -- ending 4th May. Reviewed Patches on: https://code.djangoproject.com/ticket/8936 -- Add view (read-only) permission to admin https://code.djangoproject.com/ticket/29376 -- admin improvement: Take into account `show_save_and_add_another`… https://code.djangoproject.com/ticket/29351 -- Document that ModelAdmin.prepopulated_fields removes stop words https://code.djangoproject.com/ticket/29363 -- Use unittest assertWarns methods instead of warnings.catch_warnings/simplefilter/assertions in the test suite. https://code.djangoproject.com/ticket/23718 -- TEST_MIRROR setting doesn't work as expected (and has no tests) https://code.djangoproject.com/ticket/28687 -- Added a 'Not Empty' option to admin's related filter. https://code.djangoproject.com/ticket/29358 -- Add a system check to prohibit models with more than one primary_key field https://code.djangoproject.com/ticket/28462 -- ModelAdmin.list_editable unusably slow and memory intensive with large datasets https://code.djangoproject.com/ticket/27629 -- Inconsistent check of allow_relation in ForwardManyToOneDescriptor.__set__ https://github.com/django/django/pull/9915 -- Use double quotation marks for csrf form element https://github.com/django/django/pull/9916 -- Update tutorial05.txt Authored: https://code.djangoproject.com/ticket/29373 -- Provide a description for PyPI Triaged: https://code.djangoproject.com/ticket/29365 -- the reverse function does not work in the current application, which was included in the URL using namespace (invalid) Calendar Week 19 -- ending 11th May. Reviewed Patches on: https://code.djangoproject.com/ticket/23718 -- TEST_MIRROR setting doesn't work as expected (and has no tests) https://code.djangoproject.com/ticket/29336 -- No docs for circular inheritance https://code.djangoproject.com/ticket/28462 -- ModelAdmin.list_editable unusably slow and memory intensive with large datasets https://code.djangoproject.com/ticket/29392 -- Command parsing does not handle options that conflict with `--settings`/`--pythonpath` https://code.djangoproject.com/ticket/29379 -- Add autocomplete attribute to contrib.auth fields https://code.djangoproject.com/ticket/21408 -- Fallback to timesince produces erroneous translations in naturaltime https://code.djangoproject.com/ticket/20147 -- Provide an alternative to request.META for accessing HTTP headers https://code.djangoproject.com/ticket/28687 -- Add a 'Not Empty' option to admin's related filter https://github.com/django/django/pull/9930 -- Replaced context by comment in 2 humanize strings Triaged: https://code.djangoproject.com/ticket/29387 -- GenericRelation's on proxy models do not cascade deletion (worksforme: Provided patch. Did not reproduce) https://code.djangoproject.com/ticket/29382 -- don't call objects with __call__ instantly (Duplicate) https://code.djangoproject.com/ticket/29381 -- Move some parts of `django.contrib.auth.models` to `django.contrib.auth.base_user` for reusability (needsinfo) https://code.djangoproject.com/ticket/29281 -- In some cases i18n set_language does not change url language (wontfix) https://code.djangoproject.com/ticket/29346 -- Add "intermediary" kwarg to ModelForm._save_m2m https://code.djangoproject.com/ticket/29364 -- CommonMiddleware.get_full_path_with_slash should raise exception for POST / PUT / PATCH requests even if settings.DEBUG = False (Suggested wontfix) https://code.djangoproject.com/ticket/29386 -- Meta Inheritance for default_permissions (invalid: expected behaviour) https://code.djangoproject.com/ticket/29390 -- trans_null.ngettext() should consider values of -1 as singular (wontfix) https://code.djangoproject.com/ticket/26600 -- map says a queryset is not iterable (Reopened for new reproduce. Then wontfix) https://code.djangoproject.com/ticket/29394 -- Broken urls.py instructions in tutorial 1 (Invalid) Kind Regards, Carlton -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/8cc0d3a9-9ac7-4c2f-9783-df6c88636895%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.