XViewMiddleware should not be enabled by default.
|Reported by:||anonymous||Owned by:||jacob|
|Has patch:||no||Needs documentation:||yes|
|Needs tests:||no||Patch needs improvement:||no|
The XViewMiddleware is enabled by default and it is causing problems and confusion, see #7299 and http://toofishes.net/blog/django-middleware-order/ , quoting from there: "I don't really know what XView does, so it is last. It isn't that important.".
- it is enabled by default AND
- its purpose is too vaguely defined: Sends custom X-View HTTP headers to HEAD requests that come from IP addresses defined in the INTERNAL_IPS setting. This is used by Django’s automatic documentation system.
The middleware can be safely disabled and should be documented as such. Although I have looked at the source, I fail to see it's purpose for the general public. The only "automatic documenatation" system I have encountered is the context from exception backtraces. *If* it is used there, this should be stated -- "The automatic documentation system is mainly useful to see exception backtrace context in debug mode. You can disable it in production mode."
Please correct me if I'm wrong.
Change History (7)
comment:1 Changed 7 years ago by anonymous
- Component changed from Tools to Documentation
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 7 years ago by mrts
- Needs documentation set
- Triage Stage changed from Unreviewed to Design decision needed
comment:5 Changed 7 years ago by jacob
- milestone changed from 1.0 maybe to 1.0
- Owner changed from nobody to jacob
- Status changed from new to assigned
- Summary changed from XViewMiddleware should be documented better to XViewMiddleware should not be enabled by default.
- Triage Stage changed from Design decision needed to Accepted
comment:6 Changed 7 years ago by jacob
- Resolution set to fixed
- Status changed from assigned to closed