[Django]-Django url validation



You should really be checking for request type in your views, and not in a middleware. As I mentioned in the comments above, you can’t tell whether a request is a POST message from the URL alone, let alone determine what POST data it carries.

Checking the request type within a view is very straight-forward — simple check that request.method is equal to "GET" or "POST".

If you’re doing this often, a short cut would be to create a decorator which does this check for you. For example, the following decorator checks that a GET request was used to call this view, or else return an HttpResponseBadRequest object (status code 400):

# untested code, use with care
def require_GET(view_func):
    def wrap(request, *args, **kwargs):
        if request.method != "GET":
            return HttpResponseBadRequest("Expecting GET request")
        return view_func(request, *args, **kwargs)
    wrap.__doc__ = view_func.__doc__
    wrap.__dict__ = view_func.__dict__
    wrap.__name__ = view_func.__name__
    return wrap

You can then simply prepend your view function with @require_GET and the check will be done whever the view is called. E.g.

def your_view(request):
    # ...

You can do the same for POST.

Here’s an example decorator checking for POST request which takes an optional list of fields that must be provided with the POST request.

# again, untested so use with care.
def require_POST(view_func, required_fields=None):
    def wrap(request, *args, **kwargs):
        if request.method != "POST":
            return HttpResponseBadRequest("Expecting POST request")
        if required_fields:
            for f in required_fields:
                if f not in request.POST:
                    return HttpResponseBadRequest("Expecting field %s" % f)
        return view_func(request, *args, **kwargs)
    wrap.__doc__ = view_func.__doc__
    wrap.__dict__ = view_func.__dict__
    wrap.__name__ = view_func.__name__
    return wrap

Use like this:

def another_view(request):
    # ...


@require_POST(required_fields=("username", "password"))
def custom_login_view(request):
    # ...


OK, my bad. I’ve just reinvented wheel.

Django already provides the @require_GET and @require_POST decorators. See django.views.decorators.http.


Like others said, you must do it in your view, or maybe you must say what you are trying to do for the best…

Anyway, you can not create a responce object in process_request , you can only add variables or change variables on the related request, like the sessionid variable used by django, or any such thing… Or update any existing request variables…

So, you must use process_view, which is triggered after process_request and just before your related view function is executed.Since you have request object at hand, you can check GET or POST data by using request.GET or request.POST.

For doing this, you must add your middle class to MIDDLEWARE_CLASSES in settings.py and write a proper middleware process_view function. For writing middlewares see middleware documentation and check existing middlewares of django. Or tell me what you are rtying to do…

Leave a comment