id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32596	Add a method to CsrfViewMiddleware to encapsulate its referer logic	Chris Jerdonek	Chris Jerdonek	"The `CsrfViewMiddleware` class's [https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L259-L379 process_view()] method currently clocks in at 120 lines. If a method were added that encapsulates its HTTP referer logic (similar to how `CsrfViewMiddleware._origin_verified()` encapsulates its origin logic), its length could be cut in half. I think this would make the method a lot easier to maintain and understand. For example, in addition to being shorter, one optimization I'm thinking of would be easier to implement. This is because there's no way to ""jump out"" of an if-block, whereas with a method, you can return early.

Given that the reason string for rejecting a request can vary in the referer case, I would suggest a method that raises an exception internal to the module, rather than returning a value. The call could then look something like this (it would go here: https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L283):

{{{#!python
elif request.is_secure():
    try:
        self._check_referer(request)
    except _RejectRequest as exc:
        return self._reject(request, exc.reason)
}}}
"	Cleanup/optimization	closed	CSRF	dev	Normal	fixed	CsrfViewMiddleware,referer		Ready for checkin	1	0	0	0	0	0