Opened 4 years ago
Closed 4 years ago
#32124 closed New feature (fixed)
Allow individual views to opt-out of APPEND_SLASH behaviour.
Reported by: | Carlton Gibson | Owned by: | Carlton Gibson |
---|---|---|---|
Component: | HTTP handling | Version: | 3.1 |
Severity: | Normal | Keywords: | |
Cc: | | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The URL normalisation given by APPEND_SLASH is useful.
I may wish to retain that but also have a sensitive view that opts out of that behavior, to avoid it being revealed in a potential URL enumeration.
I propose adjusting CommonMiddleware to detect a _should_append_slash boolean attribute on the view itself, to allow such an opt-out.
Change History (4)
comment:1 by , 4 years ago
Has patch: | set |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:2 by , 4 years ago
Triage Stage: | Unreviewed → Accepted |
---|
Agreed. I would use should_append_slash (without a leading underscore) and probably add and document only a view decorator (similar to csrf_exempt()).
comment:3 by , 4 years ago
> I would use should_append_slash

No problem. I had in mind do_not_call_in_templates (but, looking it up, it doesn't have an underscore.)
PR
Related to #31747
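
A minimal model of the opt-out discussed in this ticket, added here as an illustration; it is not code from the ticket, the PR, or Django itself. Only the should_append_slash attribute comes from the discussion; the no_append_slash decorator name, the ROUTES table, the view names and the honor_opt_out switch are assumptions made for the example.

```python
from functools import wraps


def no_append_slash(view):
    """Mark a view so the slash-appending redirect is never issued for it."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        return view(*args, **kwargs)
    wrapper.should_append_slash = False  # attribute name from the ticket
    return wrapper


def public_page(path):
    return 200


@no_append_slash
def sensitive_page(path):
    return 200


# Constructed URL table standing in for a URLconf (hypothetical paths).
ROUTES = {"/about/": public_page, "/ops-console/": sensitive_page}


def should_redirect_with_slash(path, routes, append_slash=True, honor_opt_out=True):
    """Decide whether a slashless request gets redirected to path + '/'."""
    if not append_slash or path.endswith("/") or path in routes:
        return False
    view = routes.get(path + "/")
    if view is None:
        return False  # nothing lives at path + "/", so nothing to redirect to
    if honor_opt_out:
        # Views without the attribute keep the default normalisation.
        return getattr(view, "should_append_slash", True)
    return True  # behaviour before the opt-out: every match redirects


def respond(path, routes=ROUTES, honor_opt_out=True):
    """Return the status code a client probing `path` would observe."""
    if should_redirect_with_slash(path, routes, honor_opt_out=honor_opt_out):
        return 301
    view = routes.get(path)
    return view(path) if view else 404
```

With the opt-out honoured, a slashless probe of the sensitive view is indistinguishable from a probe of a path that does not exist. The exact URL with its trailing slash still answers, so the view needs its own access control.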