id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16384	Documentation should warn against accessing request.POST in middleware	Tom Christie	Tom Christie	"This page https://docs.djangoproject.com/en/dev/topics/http/middleware/ ought to include a note warning against accessing request.POST in middleware.

As per Jacob's comment in #613, middleware that hits `request.POST` should (usually) be considered a bug.  It means that the view will be unable to set any custom upload handlers, perform custom parsing of the request body, or enforce permission checks prior to file uploads being accepted.

I'll provide a patch for this when I get a moment.  I'd expect the text to be something like:

""Accessing `request.POST` or `request.REQUEST` inside middleware from `process_request` or `process_view` is bad practice, and should be avoided. (*)
Doing so will prevent any view running after the middleware from being able to modify the upload handlers for the request (link), or being able to access the request content using `request.read()` or `request.raw_post_data`.

(*) The `CSRFMiddleware` can be considered an exception, as it can be disabled by using the `@csrf_exempt` decorator.""

Any suggestions for tweaks to the text or opinions on if/where this should be added on the page?...  "	Bug	closed	Documentation	1.3	Normal	fixed			Ready for checkin	1	0	0	0	0	0