Changes between Initial Version and Version 1 of Ticket #34742


Ignore:
Timestamp:
Jul 25, 2023, 4:59:43 PM (16 months ago)
Author:
Troy Sankey
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #34742 – Description

    initial v1  
    1 Current situation:
     1If DEBUG mode is enabled, and APPEND_SLASH is set to True, calling a standard DRF-generated POST, PUT, or PATCH endpoint without a trailing slash will result in intentionally raising a RuntimeError in order to warn developers that API clients should be fixed to include a trailing slash or else the 301 redirect will silently convert the request into a GET and clear the request payload:
    22
    3 If DEBUG mode is enabled, and APPEND_SLASH is set to True, calling a standard DRF-generated POST, PUT, or Patch endpoint without a trailing slash will result in itentionally raising a RuntimeError in order to warn developers that callers must be re-written to include a trailing slash or else it the 301 redirect will convert the request into a GET and clear the request payload:
    4 
    5 https://github.com/pwnage101/django/blob/fbac2a4dd846b52c4f379eacb5bab654fe9540cc/django/middleware/common.py#L86
     3https://github.com/django/django/blob/fbac2a4dd846b52c4f379eacb5bab654fe9540cc/django/middleware/common.py#L86
    64
    75The problem:
    86
    9 The linked code doesn't also do the same for DELETE, so DELETE calls missing trailing slashes are silently converted to GET calls in development environments which could result in uncaught bugs in production.
     7The above linked code doesn't also do the same for DELETE, so DELETE calls missing trailing slashes are silently converted to GET calls in development environments which could result in uncaught bugs in production.
    108
    119I proposed a simple fix: https://github.com/django/django/pull/17072/files
Back to Top