mirror of
https://github.com/django/django.git
synced 2025-01-22 16:19:35 +00:00
Fixed #19321 -- Allowed redirect middleware HTTP responses to be overridden.
Thanks Melevir for the suggestion.
This commit is contained in:
parent
36e220f923
commit
8b0014869f
@ -8,6 +8,11 @@ from django import http
|
||||
|
||||
|
||||
class RedirectFallbackMiddleware(object):
|
||||
|
||||
# Defined as class-level attributes to be subclassing-friendly.
|
||||
response_gone_class = http.HttpResponseGone
|
||||
response_redirect_class = http.HttpResponsePermanentRedirect
|
||||
|
||||
def __init__(self):
|
||||
if 'django.contrib.sites' not in settings.INSTALLED_APPS:
|
||||
raise ImproperlyConfigured(
|
||||
@ -16,8 +21,9 @@ class RedirectFallbackMiddleware(object):
|
||||
)
|
||||
|
||||
def process_response(self, request, response):
|
||||
# No need to check for a redirect for non-404 responses.
|
||||
if response.status_code != 404:
|
||||
return response # No need to check for a redirect for non-404 responses.
|
||||
return response
|
||||
|
||||
full_path = request.get_full_path()
|
||||
current_site = get_current_site(request)
|
||||
@ -37,8 +43,8 @@ class RedirectFallbackMiddleware(object):
|
||||
pass
|
||||
if r is not None:
|
||||
if r.new_path == '':
|
||||
return http.HttpResponseGone()
|
||||
return http.HttpResponsePermanentRedirect(r.new_path)
|
||||
return self.response_gone_class()
|
||||
return self.response_redirect_class(r.new_path)
|
||||
|
||||
# No redirect was found. Return the response.
|
||||
return response
|
||||
|
@ -1,3 +1,4 @@
|
||||
from django import http
|
||||
from django.conf import settings
|
||||
from django.contrib.sites.models import Site
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
@ -61,3 +62,32 @@ class RedirectTests(TestCase):
|
||||
def test_sites_not_installed(self):
|
||||
with self.assertRaises(ImproperlyConfigured):
|
||||
RedirectFallbackMiddleware()
|
||||
|
||||
|
||||
class OverriddenRedirectFallbackMiddleware(RedirectFallbackMiddleware):
|
||||
# Use HTTP responses different from the defaults
|
||||
response_gone_class = http.HttpResponseForbidden
|
||||
response_redirect_class = http.HttpResponseRedirect
|
||||
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=list(settings.MIDDLEWARE_CLASSES) +
|
||||
['django.contrib.redirects.tests.OverriddenRedirectFallbackMiddleware'],
|
||||
SITE_ID=1,
|
||||
)
|
||||
class OverriddenRedirectMiddlewareTests(TestCase):
|
||||
|
||||
def setUp(self):
|
||||
self.site = Site.objects.get(pk=settings.SITE_ID)
|
||||
|
||||
def test_response_gone_class(self):
|
||||
Redirect.objects.create(
|
||||
site=self.site, old_path='/initial/', new_path='')
|
||||
response = self.client.get('/initial/')
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
def test_response_redirect_class(self):
|
||||
Redirect.objects.create(
|
||||
site=self.site, old_path='/initial/', new_path='/new_target/')
|
||||
response = self.client.get('/initial/')
|
||||
self.assertEqual(response.status_code, 302)
|
||||
|
@ -26,10 +26,11 @@ How it works
|
||||
``manage.py migrate`` creates a ``django_redirect`` table in your database. This
|
||||
is a simple lookup table with ``site_id``, ``old_path`` and ``new_path`` fields.
|
||||
|
||||
The ``RedirectFallbackMiddleware`` does all of the work. Each time any Django
|
||||
application raises a 404 error, this middleware checks the redirects database
|
||||
for the requested URL as a last resort. Specifically, it checks for a redirect
|
||||
with the given ``old_path`` with a site ID that corresponds to the
|
||||
The :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
|
||||
does all of the work. Each time any Django application raises a 404
|
||||
error, this middleware checks the redirects database for the requested
|
||||
URL as a last resort. Specifically, it checks for a redirect with the
|
||||
given ``old_path`` with a site ID that corresponds to the
|
||||
:setting:`SITE_ID` setting.
|
||||
|
||||
* If it finds a match, and ``new_path`` is not empty, it redirects to
|
||||
@ -43,8 +44,8 @@ The middleware only gets activated for 404s -- not for 500s or responses of any
|
||||
other status code.
|
||||
|
||||
Note that the order of :setting:`MIDDLEWARE_CLASSES` matters. Generally, you
|
||||
can put ``RedirectFallbackMiddleware`` at the end of the list, because it's a
|
||||
last resort.
|
||||
can put :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
|
||||
at the end of the list, because it's a last resort.
|
||||
|
||||
For more on middleware, read the :doc:`middleware docs
|
||||
</topics/http/middleware>`.
|
||||
@ -69,3 +70,29 @@ Via the Python API
|
||||
objects via the :doc:`Django database API </topics/db/queries>`.
|
||||
|
||||
.. _django/contrib/redirects/models.py: https://github.com/django/django/blob/master/django/contrib/redirects/models.py
|
||||
|
||||
Middleware
|
||||
==========
|
||||
|
||||
.. class:: middleware.RedirectFallbackMiddleware
|
||||
|
||||
You can change the :class:`~django.http.HttpResponse` classes used
|
||||
by the middleware by creating a subclass of
|
||||
:class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
|
||||
and overriding ``response_gone_class`` and/or ``response_redirect_class``.
|
||||
|
||||
.. attribute:: response_gone_class
|
||||
|
||||
The :class:`~django.http.HttpResponse` class used when a
|
||||
:class:`~django.contrib.redirects.models.Redirect` is not
|
||||
found for the requested path or has a blank ``new_path``
|
||||
value.
|
||||
|
||||
Defaults to :class:`~django.http.HttpResponseGone`.
|
||||
|
||||
.. attribute:: response_redirect_class
|
||||
|
||||
The :class:`~django.http.HttpResponse` class that handles the
|
||||
redirect.
|
||||
|
||||
Defaults to :class:`~django.http.HttpResponsePermanentRedirect`.
|
||||
|
@ -193,6 +193,17 @@ Minor features
|
||||
follow the :setting:`SESSION_COOKIE_SECURE` and
|
||||
:setting:`SESSION_COOKIE_HTTPONLY` settings.
|
||||
|
||||
:mod:`django.contrib.redirects`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
* :class:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware`
|
||||
has two new attributes
|
||||
(:attr:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware.response_gone_class`
|
||||
and
|
||||
:attr:`~django.contrib.redirects.middleware.RedirectFallbackMiddleware.response_redirect_class`)
|
||||
that specify the types of :class:`~django.http.HttpResponse` instances the
|
||||
middleware returns.
|
||||
|
||||
:mod:`django.contrib.sessions`
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user