Opened 17 months ago
Last modified 13 months ago
#34742 closed Bug
calling a DELETE endpoint without a trailing slash does not thow RuntimeError in DEBUG mode — at Initial Version
Reported by: | Troy Sankey | Owned by: | |
---|---|---|---|
Component: | HTTP handling | Version: | 4.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Current situation:
If DEBUG mode is enabled, and APPEND_SLASH is set to True, calling a standard DRF-generated POST, PUT, or Patch endpoint without a trailing slash will result in itentionally raising a RuntimeError in order to warn developers that callers must be re-written to include a trailing slash or else it the 301 redirect will convert the request into a GET and clear the request payload:
The problem:
The linked code doesn't also do the same for DELETE, so DELETE calls missing trailing slashes are silently converted to GET calls in development environments which could result in uncaught bugs in production.
I proposed a simple fix: https://github.com/django/django/pull/17072/files