Opened 7 years ago

Closed 7 years ago

Last modified 3 years ago

#7317 closed (fixed)

XViewMiddleware should not be enabled by default.

Reported by: anonymous Owned by: jacob
Component: Documentation Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: yes
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The XViewMiddleware is enabled by default and it is causing problems and confusion, see #7299 and http://toofishes.net/blog/django-middleware-order/ , quoting from there: "I don't really know what XView does, so it is last. It isn't that important.".

That's because

  • it is enabled by default AND
  • its purpose is too vaguely defined: Sends custom X-View HTTP headers to HEAD requests that come from IP addresses defined in the INTERNAL_IPS setting. This is used by Django’s automatic documentation system.

The middleware can be safely disabled and should be documented as such. Although I have looked at the source, I fail to see it's purpose for the general public. The only "automatic documenatation" system I have encountered is the context from exception backtraces. *If* it is used there, this should be stated -- "The automatic documentation system is mainly useful to see exception backtrace context in debug mode. You can disable it in production mode."

Please correct me if I'm wrong.

Change History (7)

comment:1 Changed 7 years ago by anonymous

  • Component changed from Tools to Documentation
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 7 years ago by mrts

  • Needs documentation set
  • Triage Stage changed from Unreviewed to Design decision needed

Indeed, looks like the XViewMiddleware is not used anywhere internally, perhaps it should not be enabled by default?

$ grep -r XViewMiddleware django/ | egrep -v '(\.svn|\.pyc)'
django/middleware/doc.py:class XViewMiddleware(object):
django/conf/global_settings.py:    'django.middleware.doc.XViewMiddleware',
django/conf/project_template/settings.py:    'django.middleware.doc.XViewMiddleware',
$ grep -r 'X-View' django/ | egrep -v '(\.svn|\.pyc)'
django/middleware/doc.py:    Adds an X-View header to internal HEAD requests -- used by the documentation system.
django/middleware/doc.py:            response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)

comment:3 Changed 7 years ago by mrts

James explains the purpose of XViewMiddleware quite well http://www.b-list.org/weblog/2007/nov/07/bookmarklets/ . Perhaps some of it could be borrowed for documentation.

As nfa has a separate documentation app not enabled by default, XViewMiddleware should also be disabled by default and enabled only if the former is enabled.

comment:4 Changed 7 years ago by mrts

  • milestone set to 1.0 maybe

Targeting to 1.0-maybe.

comment:5 Changed 7 years ago by jacob

  • milestone changed from 1.0 maybe to 1.0
  • Owner changed from nobody to jacob
  • Status changed from new to assigned
  • Summary changed from XViewMiddleware should be documented better to XViewMiddleware should not be enabled by default.
  • Triage Stage changed from Design decision needed to Accepted

(changed description -- the docs are fine, but it shouldn't be on by default)

comment:6 Changed 7 years ago by jacob

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in [8537].

comment:7 Changed 3 years ago by jacob

  • milestone 1.0 deleted

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top