id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
19124	request.POST contains the raw_post_body as its first key	sam@…	nobody	"If I define a view like this:


{{{
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def blabityblah(request):
    return HttpResponse(repr(request.POST))
}}}

And request it like this:

{{{
import requests
requests.post('/blabityblah', data=json.dumps({'abcd':'1234'}), headers={'content-type': 'application/json'})
}}}

I expect there to be no values in `request.REQUEST` however, this is what is returned:

{{{
<QueryDict: {u'{""abc"": ""1234""}': [u'']}>
}}}

This is broken for multiple reasons:

1. any automated signing of the request using `request.REQUEST` will be completely broken, as most automated signing schemes use only request bodies encoded with `application/x-www-form-urlencoded` and the request.GET string (looking at you, oauth). in this case, the client may encode and sign the request properly, but django will not report the correct parameters
2. confusing to any user trying to get at the POST data. they should be using `request.raw_post_data` and not `request.POST` - which should be blank

My suggestion is that request.POST should only contain the values from `application/x-www-form-urlencoded` and `multipart/form-data`"	Bug	closed	HTTP handling	1.4	Normal	duplicate	http		Unreviewed	0	0	0	0	0	0