Opened 8 years ago
Last modified 8 years ago
#27344 closed Bug
ConditionalGetMiddleware should not operate on unsafe requests — at Initial Version
| Reported by: | Kevin Christopher Henry | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | 1.10 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
With unsafe methods (PUT, etc.) the appropriate conditional response would be a 412 Precondition Failed response, which should prevent the request from being carried out. But by definition ConditionalGetMiddleware acts after the response has been generated, so it’s too late. The PR below includes a regression test where the middleware inappropriately changes the response to a 412 after applying the unsafe operation.
Note:
See TracTickets
for help on using tickets.