Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-25 Thread Aymeric Augustin
2015-06-24 23:48 GMT+02:00 Shai Berger : > That is exactly the point: Before the proposed change, you *cannot* control > the page returned for disallowed user agent via handler403(), because that > handler is called when the PermissionDenied exception is raised, not when a > Response object is ret

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-24 Thread Nacharov Mikhail
Well, I know that block specific browsers is a bad idea, but sometimes it's necessary to do. For example, creating modern "single-page" web application for restricted number of users. I would prefer show in old browsers something like "Sorry, your browser is too old to use this site, please ins

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-24 Thread Shai Berger
On Wednesday 24 June 2015 15:15:35 François Schiettecatte wrote: > > Sounds right, but you can do that already with handler403. The change > proposed changes the handling of the user agent to raising > PermissionDenied exception rather than returning a > HttpResponseForbidden(). > That is exactl

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-24 Thread François Schiettecatte
Shai Sounds right, but you can do that already with handler403. The change proposed changes the handling of the user agent to raising PermissionDenied exception rather than returning a HttpResponseForbidden(). François > On Jun 24, 2015, at 6:22 AM, Shai Berger wrote: > > To clarify, I don't

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-24 Thread Shai Berger
To clarify, I don't object to logging or other custom actions, and it was clear to me that the feature of DISALLOWED_USER_AGENTS already exists; my concern is that the OP's motivation seems to have been to control the design of the error page, which indicates an intention to show it to humans us

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-24 Thread Aymeric Augustin
2015-06-24 1:56 GMT+02:00 Shai Berger : > Could any of the supporters elaborate on the use-case? > Just to clear a possible confusion -- this feature already exists, it was added in 2005 to filter out unwanted crawlers by blacklisting their user-agent. The proposal here is to use the custom 403

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread Shai Berger
On Tuesday 23 June 2015 15:50:14 Tim Graham wrote: > I don't think there's an "architecture rule" that would prevent that > design. It looks like DISALLOWED_USER_AGENTS has been around since 2005, > but handler403 wasn't added until 1.4. Since the docs for the setting say > "Use this for bad robots

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread François Schiettecatte
Aymeric I have created the ticket https://code.djangoproject.com/ticket/25017 with suggested fix. Let me know if you need more input/information from me. Best regards François > On Jun 23, 2015, at 9:15 AM, Aymeric Augustin > wrote: > > DISALLOWED_USER_AGENTS predates the addition of the 4

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread François Schiettecatte
Aymeric Sure, I will do that later today, I’ll also take a look at the code to see what needs to be done. François > On Jun 23, 2015, at 9:15 AM, Aymeric Augustin > wrote: > > DISALLOWED_USER_AGENTS predates the addition of the 403 handler and wasn't > updated to take advantage of it. > >

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread Aymeric Augustin
DISALLOWED_USER_AGENTS predates the addition of the 403 handler and wasn't updated to take advantage of it. I believe it would make sense to raise Http403 there. Would you mind filing a ticket on https://code.djangoproject.com/? Thanks! -- Aymeric. PS: perhaps we should audit the code base for

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread Tim Graham
I don't think there's an "architecture rule" that would prevent that design. It looks like DISALLOWED_USER_AGENTS has been around since 2005, but handler403 wasn't added until 1.4. Since the docs for the setting say "Use this for bad robots/crawlers." I guess it's implied that customizing the r

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread François Schiettecatte
And quoting Tim Graham: You'll get answers to questions like this on the django-users email list, - the web interface is . The list you've posted to is django-developers, which is for the discussion of the development of Django itself. Yo

Re: CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread François Schiettecatte
What about the 403 handler ? https://docs.djangoproject.com/en/1.8/ref/urls/#handler403 François > On Jun 23, 2015, at 8:10 AM, michael.nacha...@gmail.com wrote: > > Dear, folks! > > I wonder is there some architecture rule that doesn't allow CommonMiddleware > raise PermissionDenied

CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread Nacharov Mikhail
Dear, folks! I wonder is there some architecture rule that doesn't allow CommonMiddleware raise *PermissionDenied* exeption when client agent matches one of the settings.DISALLOWED_USER_AGENTS regexps? Right now

CommonMiddleware DISALLOWED_USER_AGENTS logic

2015-06-23 Thread michael . nacharov
Dear, folks! I wonder is there some architecture rule that doesn't allow CommonMiddleware raise PermissionDenied exception? Right now if django-developer wants to use DISALLOWED_USER_AGENTS setting than all d