Opened 15 years ago

Last modified 12 years ago

#9805 closed

reverse() does not add SCRIPT_NAME to the returned URL if called from middleware modules — at Version 2

Reported by: ElliottM Owned by: Malcolm Tredinnick
Component: Core (Other) Version: 1.0
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Malcolm Tredinnick)

For example, take the following middleware.py file, with one example middleware thing that redirects you to the login page if you are not logged in:

login_url=reverse('login')

class LoginMiddleware():
        def process_request(self, request):             
                if(request.user.is_anonymous() and request.path!=login_url):
                        #force login
                        return HttpResponseRedirect(login_url+'?next='+request.path)

In this case, login_url will be correct except for the fact that it will be missing the SCRIPT_NAME. Putting the reverse() call inside the process_request function solves the problem, but it makes no sense at all to call that reverse function for every request when it can be called once at server startup.

The cause is in django.core.handles.wsgi and django.core.handlers.modpython

if self._request_middleware is None:
   self.load_middleware()

set_script_prefix(req.get_options().get('django.root', ''))

As you can see, "set_script_prefix" is called AFTER middleware is loaded, so the script name is still unset when reverse() is called in the middleware above. Moving the set_script_prefix call above the load_middleware function solves the problem.

Change History (3)

by ElliottM, 15 years ago

Attachment: reverse.diff added

Patch that fixes the error

comment:1 by ElliottM, 15 years ago

Summary: reverse() does not add SCRIPT_NAME to the returned URL if called from modules that contain middlewarereverse() does not add SCRIPT_NAME to the returned URL if called from middleware modules

comment:2 by Malcolm Tredinnick, 15 years ago

Description: modified (diff)
Owner: changed from nobody to Malcolm Tredinnick

(Fixed description formatting.)

This isn't really fixing the problem, so much as hiding it. Loading the middlewares should not require access to SCRIPT_NAME (it can change between requests and the middleware is only loaded once). So the code you give actually contains a small bug -- probably not observable for something like the "logout" view, but a bug nonetheless, as it could reverse to a different URL for a different request.

There's a metnion in another ticket that we might add a kind of "lazy" reverse() that resolves upon usage, rather than declaration. When I find that ticket, I'll drop in a comment here and wontfix this one. Leaving open for now to remind me to hunt down the other case.

Note: See TracTickets for help on using tickets.
Back to Top