#36206: Issues in the Existing SecurityMiddleware Code 1. Incorrect use of
response.setdefault() instead of response.headers.setdefault() 2. In the
process_request() method, HTTPS redirection is done While this works,
%-formatting is less readable and slightly less performant than modern
alternatives like f-strings 3. Preventing Overwriting of Existing Headers
--------------------------------+--------------------------------------
Reporter: Abhijeet Kumar | Owner: (none)
Type: Bug | Status: new
Component: Uncategorized | Version: 5.1
Severity: Normal | Resolution:
Keywords: security.py | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Comment (by Jake Howard):
The formatting for the description is a little broken - could you fix it?
You're also describing 3 separate issues in one ticket, which makes
reviewing difficult. Could you separate them?
They also seem to be in the realm of nitpicks and small changes (eg
converting an f-string), which doesn't have a noticable impact on, well
anything.
--
Ticket URL: <https://code.djangoproject.com/ticket/36206#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/010701952a4c587e-c75b6436-f214-4200-8c2a-01c7af369776-000000%40eu-central-1.amazonses.com.
