Incidentally, I don't think it's important for the ultimate decision here, but I looked at the below analysis of ticket #32189. Carlton's analysis on the ticket that request.POST is empty when using 'content-type': 'application/json' remains true. The results of the tests provided in the description of #32189 remain unchanged by the fix for #34063 (test_request_factory_data_multipart passes and test_request_factory_data_json fails in the same way as in the ticket description). I would triage #32189 exactly as Carlton did. I don't see anything in that ticket that leads to the "AssertionError: Cannot read more than the available bytes from the HTTP incoming data." as in #34063. It's possible I made a mistake or that my knowledge is lacking, but I see nothing that would make me mark #32189 as a duplicate of #34063 (which I was planning to correct for posterity if it's indeed the case). It's possible that reporter did encounter the "Cannot read..." AssertionError at some point, but I see nothing concrete in the ticket that reproduces it. I hope that's clarifying!
> > James argues that this bug that went unreported for 2+ years is now very > important and is going to cause massive pain for many users. Only time will > answer this, but I'm skeptical. So far I believe we've seen two people > affected, James and the ticket reporter. > > Well. > > I had been trying to avoid bringing this up because I felt that the > backport policy and the severity of the bug were the things to focus > on, and because I was trying to avoid singling out individual mistakes > that contributed to the situation we have now. But there is at least > one other report of this bug in the Django Trac instance. It is the > first one I found when trying to diagnose the problem in my own code > (and the one I mentioned in my initial question on IRC, as anyone who > saw that can confirm), and it is one that was filed only a couple of > months after the release of Django 3.1, so well within the window of > time when the backport policy would have said to apply the fix to the > 3.1 branch as well as to main. It also correctly diagnosed the source > of the bug and provided an attempt at a patch. > > That ticket was #32189: > > https://code.djangoproject.com/ticket/32189 > > But it was closed invalid as a user error. We can debate whether the > user should have been trying to access request.POST for their > particular use case, but we cannot debate whether this is the > underlying bug that user was encountering. It also was clearly not the > normal behavior one ought to see from accessing request.POST, even in > a non-POST request or supposedly non-appropriate context, and likely > either should not have been closed, or should have produced a > follow-up ticket to investigate why that specific behavior was > occurring. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/05fef0dd-e608-46d2-a850-ddc5574183c2n%40googlegroups.com.
