Opened 13 years ago

Closed 12 years ago

#613 closed enhancement (wontfix)

prevent raw_post_data parsing on defined view functions

Reported by: hugo Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: minor Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by hugo)

There should be a way to prevent parsing of POST data for some view functions. This would be usefull for example for view functions that do their own POST parsing, like some view function that parses XMLRPC requests or some other special format. Currently access to POST (either the dict as a whole or some variable in it) will instantiate the QueryDict for the post data and so parse the post raw data - even if it isn't a valid POST query string. That would put high load on the machine if the POST data is rather large - think of a XMLRPC API where ImageField content is transported as base64 data ...

Django currently parses the POST data lazily, but middlware might try to access POST on a request and trigger parsing, even though the function itself never touches POST. So this would be more kind of a safety net.

A idea on how to do it: a decorator that registers a view function into some global dictionary and then a check in BaseHandler.get_response wether the discovered view function is in that global dictionary and if yes, switch the request to a don't-parse-POST state (that needs to be checked in the _get_post property getters in both the WSGRequest and the ModPythonRequest).

Change History (4)

comment:1 Changed 13 years ago by hugo

Description: modified (diff)

comment:2 Changed 13 years ago by Adrian Holovaty

priority: normallowest
Severity: normalminor

comment:3 Changed 12 years ago by Gary Wilson <gary.wilson@…>

Triage Stage: UnreviewedDesign decision needed

comment:4 Changed 12 years ago by Jacob

Resolution: wontfix
Status: newclosed

As long as you don't access request.POST for parsing, it'll never get parsed. Middleware shouldn't look at request.POST, so that's not really a concern (that is, if middleware *does* hit request.POST, it's a bug).

Note: See TracTickets for help on using tickets.
Back to Top