Ability to exclude a specific view or form from DATA_UPLOAD_MAX_NUMBER_FIELDS

[Victor Kovalev]

Use case & rationale:

We have a large, complicated CMS application. One of the advanced power views this application has uses a form that requires an unusually large number of fields. This particular view is only accessible by Admin users, behind 2 separate authentication gates. So, we'd like that view to support having this form with a large number of fields.

Having said that, given that one of the stated purposes of DATA_UPLOAD_MAX_NUMBER_FIELDS is protection from DoS, increasing the DATA_UPLOAD_MAX_NUMBER_FIELDS value for our entire app across the board (or setting it to None to disable the check) seems counter-productive in terms of security / DoS-protection.

I would really love to have a way to specify "hey, this particular view or form is OK to use a myriad of fields" without affecting the rest of the app. Hence the feature request!

Thank you very much for all the wonderful work y'all do with the Django framework.

[Mariusz Felisiak]

Thanks for this suggestion, however it seems to be really niche and not worth maintaining by Django itself. I'm also not sure how forms with 1000+ fields can be filled by a human.

Please ​follow the triaging guidelines with regards to wontfix tickets and take this to DevelopersMailingList, where you'll reach a wider audience and see what other think,

[Jonas Dittrich]

I'm also not sure how forms with 1000+ fields can be filled by a human.

With (prefilled) Django's ModelMultipleChoiceField this can happen quite easily. I'd consider reopening this ticket.