Opened 3 years ago
Last modified 3 years ago
#32596 closed Cleanup/optimization
Add a method to CsrfViewMiddleware to encapsulate its referer logic — at Version 1
| Reported by: | Chris Jerdonek | Owned by: | nobody |
|---|---|---|---|
| Component: | CSRF | Version: | dev |
| Severity: | Normal | Keywords: | CsrfViewMiddleware, referer |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The CsrfViewMiddleware class's process_view() method currently clocks in at 120 lines. If a method were added that encapsulates its HTTP referer logic (similar to how CsrfViewMiddleware._origin_verified() encapsulates its origin logic), its length could be cut in half. I think this would make the method a lot easier to maintain and understand. For example, in addition to being shorter, one optimization I'm thinking of would be easier to implement. This is because there's no way to "jump out" of an if-block, whereas with a method, you can return early.
Given that the reason string for rejecting a request can vary in the referer case, I would suggest a method that raises an exception internal to the module, rather than returning a value. The call could then look something like this (it would go here: https://github.com/django/django/blob/cac9ec73db35a6d38d33f271f4724da486c60e9f/django/middleware/csrf.py#L283):
elif request.is_secure(): try: self._check_referer(request) except _RejectRequest as exc: return self._reject(request, exc.reason)