Opened 4 years ago
Closed 4 years ago
#32124 closed New feature (fixed)
Allow individual views to opt-out of APPEND_SLASH behaviour.
Description ¶
The URL normalisation given by APPEND_SLASH is useful.
I may wish to retain that but also have a sensitive view that opts-out of that behavior, to avoid it being revealed in a potential URL enumeration.
I propose adjusting CommonMiddleware
to detect a _should_append_slash
boolean attribute on the view itself, to allow such an opt-out.
Change History (4)
comment:1 by , 4 years ago
Has patch: | set |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:2 by , 4 years ago
Triage Stage: | Unreviewed → Accepted |
---|
Agreed. I would use should_append_slash
(without a leading underscore) and probably add and document only a view decorator (similar to csrf_exempt()
).
comment:3 by , 4 years ago
I would use
should_append_slash
No problem. I had in mind do_not_call_in_templates
(but, looking it up, it doesn't have an underscore.)
PR
Related to #31747