Code

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#16692 closed Bug (worksforme)

There should be documentation that cautions about using request.raw_post_data and request.POST together

Reported by: lie.1296@… Owned by: nobody
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Currently, if you're accessing request.raw_post_data, then request.POST will become empty; there should be a note in the docs about that and telling that if you need to access both, then you should access request.POST first then request.raw_post_data.

Either that, or this bug should be fixed and it should be safe to read request.raw_post_data and request.POST in any order.

Attachments (0)

Change History (2)

comment:1 Changed 3 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to worksforme
  • Status changed from new to closed

I'm sorry, but I'm unable to confirm this bug. Could you provide some evidence that it exists?


There are several test cases in the test suite that guarantee that it's possible to read request.POST after accessing request.raw_post_data:

https://code.djangoproject.com/browser/django/trunk/tests/regressiontests/requests/tests.py#L279


I attempted to reproduce the issue anyway.

I wrote this view:

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def post_data(request):
    raw_post_data = request.raw_post_data
    post_data = request.POST
    return HttpResponse('%(raw_post_data)r\n%(post_data)r\n' % locals(), content_type='text/plain')

Here is the result:

% curl --data foo=bar http://localhost:8000/                                                                                                                                       ~
'foo=bar'
<QueryDict: {u'foo': [u'bar']}>

comment:2 Changed 3 years ago by lie.1296@…

This issue exists in django-1.3, sorry for not noticing that this is already fixed in #15679.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.