XViewMiddleware should not be enabled by default.
|Reported by:||anonymous||Owned by:||Jacob|
|Has patch:||no||Needs documentation:||yes|
|Needs tests:||no||Patch needs improvement:||no|
The XViewMiddleware is enabled by default and it is causing problems and confusion, see #7299 and http://toofishes.net/blog/django-middleware-order/ , quoting from there: "I don't really know what XView does, so it is last. It isn't that important.".
- it is enabled by default AND
- its purpose is too vaguely defined: Sends custom X-View HTTP headers to HEAD requests that come from IP addresses defined in the INTERNAL_IPS setting. This is used by Django’s automatic documentation system.
The middleware can be safely disabled and should be documented as such. Although I have looked at the source, I fail to see it's purpose for the general public. The only "automatic documenatation" system I have encountered is the context from exception backtraces. *If* it is used there, this should be stated -- "The automatic documentation system is mainly useful to see exception backtrace context in debug mode. You can disable it in production mode."
Please correct me if I'm wrong.
Change History (7)
comment:2 Changed 9 years ago by
|Triage Stage:||Unreviewed → Design decision needed|
comment:5 Changed 9 years ago by
|milestone:||1.0 maybe → 1.0|
|Owner:||changed from nobody to Jacob|
|Status:||new → assigned|
|Summary:||XViewMiddleware should be documented better → XViewMiddleware should not be enabled by default.|
|Triage Stage:||Design decision needed → Accepted|