date:20210710

Re: [Django] #32902: CsrfViewMiddleware.process_response()'s csrf_cookie_needs_reset and csrf_cookie_set logic isn't right

2021-07-10 Thread Django

#32902: CsrfViewMiddleware.process_response()'s csrf_cookie_needs_reset and
csrf_cookie_set logic isn't right
-+-
 Reporter:  Chris Jerdonek   |Owner:  Chris
 |  Jerdonek
 Type:  Bug  |   Status:  assigned
Component:  CSRF |  Version:  dev
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Ready for
 |  checkin
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Shai Berger):

 * stage:  Accepted => Ready for checkin


Comment:

 Would appreciate at least one more pair of eyes on this, but LGTM.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.e74c804fb946866a87d3e84f847196ae%40djangoproject.com.

Re: [Django] #32915: ./manage runserver --nostatic still doesn't return a traceback

2021-07-10 Thread Django

#32915: ./manage runserver --nostatic still doesn't return a traceback
-+-
 Reporter:  Michael  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Core (Management |  Version:  3.2
  commands)  |
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Mariusz Felisiak):

 * stage:  Unreviewed => Accepted


Old description:

> Maybe its regression, related to:
> https://code.djangoproject.com/ticket/27522:
>
> ```
> > python manage.py runserver --nostatic
> usage: manage.py runserver [-h] [--ipv6] [--nothreading] [--noreload]
> [--version] [-v {0,1,2,3}] [--settings SETTINGS]
>[--pythonpath PYTHONPATH] [--traceback] [--no-
> color] [--force-color]
>[addrport]
> manage.py runserver: error: unrecognized arguments: --nostatic
> ```
>
> ```
> > python manage.py runserver
> python manage.py runserver
> Traceback (most recent call last):
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/base.py", line 354, in run_from_argv
> self.execute(*args, **cmd_options)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/commands/runserver.py", line 61, in
> execute
> super().execute(*args, **options)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/base.py", line 398, in execute
> output = self.handle(*args, **options)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/commands/runserver.py", line 68, in
> handle
> if not settings.DEBUG and not settings.ALLOWED_HOSTS:
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/conf/__init__.py", line 82, in __getattr__
> self._setup(name)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/conf/__init__.py", line 69, in _setup
> self._wrapped = Settings(settings_module)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/conf/__init__.py", line 170, in __init__
> mod = importlib.import_module(self.SETTINGS_MODULE)
>   File "/usr/lib/python3.8/importlib/__init__.py", line 127, in
> import_module
> return _bootstrap._gcd_import(name[level:], package, level)
>   File "", line 1014, in _gcd_import
>   File "", line 991, in _find_and_load
>   File "", line 973, in
> _find_and_load_unlocked
> ModuleNotFoundError: No module named 'dist.plug.settings'
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "manage.py", line 16, in 
> execute_from_command_line(sys.argv)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/__init__.py", line 419, in
> execute_from_command_line
> utility.execute()
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/__init__.py", line 413, in execute
> self.fetch_command(subcommand).run_from_argv(self.argv)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/core/management/base.py", line 367, in run_from_argv
> connections.close_all()
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/db/utils.py", line 208, in close_all
> for alias in self:
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/utils/connection.py", line 73, in __iter__
> return iter(self.settings)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/utils/functional.py", line 48, in __get__
> res = instance.__dict__[self.name] = self.func(instance)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/utils/connection.py", line 45, in settings
> self._settings = self.configure_settings(self._settings)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/db/utils.py", line 144, in configure_settings
> databases = super().configure_settings(databases)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/utils/connection.py", line 50, in configure_settings
> settings = getattr(django_settings, self.settings_name)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/conf/__init__.py", line 82, in __getattr__
> self._setup(name)
>   File "/home/michael/venv/project/lib/python3.8/site-
> packages/django/conf/__init__.py", line 69, in _setup
> self._wrapped

Re: [Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

2021-07-10 Thread Django

#32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and
request.csrf_cookie_needs_reset can be combined
-+-
 Reporter:  Chris Jerdonek   |Owner:  Chris
 Type:   |  Jerdonek
  Cleanup/optimization   |   Status:  assigned
Component:  CSRF |  Version:  dev
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  1|UI/UX:  0
-+-

Comment (by Chris Jerdonek):

 As additional background and for future reference,
 `request.csrf_processing_done` is the only other custom request attribute
 used by `CsrfViewMiddleware`:
 
https://github.com/django/django/blob/6f60fa97b0b501ef7cc77e16392654bf27ec8db3/django/middleware/csrf.py#L191

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.fb0065f1a5fbe80625c1b7f1c6bb8fb5%40djangoproject.com.

Re: [Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

2021-07-10 Thread Django

#32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and
request.csrf_cookie_needs_reset can be combined
-+-
 Reporter:  Chris Jerdonek   |Owner:  Chris
 Type:   |  Jerdonek
  Cleanup/optimization   |   Status:  assigned
Component:  CSRF |  Version:  dev
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  1|UI/UX:  0
-+-
Changes (by Chris Jerdonek):

 * easy:  0 => 1


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.8cd11a4b37e18c4e84ceb268f2b8470d%40djangoproject.com.

[Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

2021-07-10 Thread Django

#32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and
request.csrf_cookie_needs_reset can be combined
-+-
Reporter: Chris | Owner: Chris Jerdonek
Jerdonek |
Type: | Status: assigned
Cleanup/optimization |
Component: CSRF |Version: dev
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 |Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-+-
In `CsrfViewMiddleware`, `request.META["CSRF_COOKIE_USED"]` and
`request.csrf_cookie_needs_reset` are both used for the same purpose.
Namely, they are inspected inside `CsrfViewMiddleware.process_response()`
to determine whether a cookie should be sent (though the logic in the
method is currently buggy):

https://github.com/django/django/blob/6f60fa97b0b501ef7cc77e16392654bf27ec8db3/django/middleware/csrf.py#L440-L445

Combining these two things would simplify `CsrfViewMiddleware`. This could
be done after #32902, which fixes the bugginess mentioned above.

My suggestion would be to replace both of these with a single
`request.META` key of `request.META["CSRF_COOKIE_NEEDS_RESET"]`. The
reason is that the `request.META` dict is more visible and easier to debug
than a custom request attribute, and it pairs more nicely with
`request.META["CSRF_COOKIE"]`. Also, using the current key of
`"CSRF_COOKIE_USED"` would be misleading because there are cases where the
cookie is queued for reset even if it hasn't been used in the request.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/052.d58cb7967cb546ae1333e9f6aa9d0d12%40djangoproject.com.

[Django] #32915: ./manage runserver --nostatic still doesn't return a traceback

2021-07-10 Thread Django

#32915: ./manage runserver --nostatic still doesn't return a traceback
-+-
   Reporter:  Michael|  Owner:  nobody
   Type:  Bug| Status:  new
  Component:  Core   |Version:  3.2
  (Management commands)  |
   Severity:  Normal |   Keywords:
   Triage Stage: |  Has patch:  0
  Unreviewed |
Needs documentation:  0  |Needs tests:  0
Patch needs improvement:  0  |  Easy pickings:  0
  UI/UX:  0  |
-+-
 Maybe its regression, related to:
 https://code.djangoproject.com/ticket/27522:

 ```
 > python manage.py runserver --nostatic
 usage: manage.py runserver [-h] [--ipv6] [--nothreading] [--noreload]
 [--version] [-v {0,1,2,3}] [--settings SETTINGS]
[--pythonpath PYTHONPATH] [--traceback] [--no-
 color] [--force-color]
[addrport]
 manage.py runserver: error: unrecognized arguments: --nostatic
 ```

 ```
 > python manage.py runserver
 python manage.py runserver
 Traceback (most recent call last):
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/base.py", line 354, in run_from_argv
 self.execute(*args, **cmd_options)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/commands/runserver.py", line 61, in
 execute
 super().execute(*args, **options)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/base.py", line 398, in execute
 output = self.handle(*args, **options)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/commands/runserver.py", line 68, in handle
 if not settings.DEBUG and not settings.ALLOWED_HOSTS:
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 82, in __getattr__
 self._setup(name)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 69, in _setup
 self._wrapped = Settings(settings_module)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 170, in __init__
 mod = importlib.import_module(self.SETTINGS_MODULE)
   File "/usr/lib/python3.8/importlib/__init__.py", line 127, in
 import_module
 return _bootstrap._gcd_import(name[level:], package, level)
   File "", line 1014, in _gcd_import
   File "", line 991, in _find_and_load
   File "", line 973, in
 _find_and_load_unlocked
 ModuleNotFoundError: No module named 'dist.plug.settings'

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
   File "manage.py", line 16, in 
 execute_from_command_line(sys.argv)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/__init__.py", line 419, in
 execute_from_command_line
 utility.execute()
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/__init__.py", line 413, in execute
 self.fetch_command(subcommand).run_from_argv(self.argv)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/core/management/base.py", line 367, in run_from_argv
 connections.close_all()
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/db/utils.py", line 208, in close_all
 for alias in self:
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/utils/connection.py", line 73, in __iter__
 return iter(self.settings)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/utils/functional.py", line 48, in __get__
 res = instance.__dict__[self.name] = self.func(instance)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/utils/connection.py", line 45, in settings
 self._settings = self.configure_settings(self._settings)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/db/utils.py", line 144, in configure_settings
 databases = super().configure_settings(databases)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/utils/connection.py", line 50, in configure_settings
 settings = getattr(django_settings, self.settings_name)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 82, in __getattr__
 self._setup(name)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 69, in _setup
 self._wrapped = Settings(settings_module)
   File "/home/michael/venv/project/lib/python3.8/site-
 packages/django/conf/__init__.py", line 170, in __init__
 mod = importlib.import_module(self.SETTINGS_MODULE)
   File "/usr/lib/python3.8/importlib/__ini

Re: [Django] #32902: CsrfViewMiddleware.process_response()'s csrf_cookie_needs_reset and csrf_cookie_set logic isn't right

Re: [Django] #32915: ./manage runserver --nostatic still doesn't return a traceback

Re: [Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

Re: [Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

[Django] #32916: CsrfViewMiddleware's request.META["CSRF_COOKIE_USED"] and request.csrf_cookie_needs_reset can be combined

[Django] #32915: ./manage runserver --nostatic still doesn't return a traceback

6 matches

Site Navigation

Mail list logo

Footer information