Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #20819 -- Return 404 instead of 500 error when ``staticfiles`` …

…view is used in production.
  • Loading branch information...
commit 4c6ffcf721b9a36b9b7e4730f4f4716cc90a5f02 1 parent 5154c9f
Tai Lee authored
View
5 django/contrib/staticfiles/views.py
@@ -11,7 +11,6 @@
from urllib import unquote
from django.conf import settings
-from django.core.exceptions import ImproperlyConfigured
from django.http import Http404
from django.views import static
@@ -31,9 +30,7 @@ def serve(request, path, insecure=False, **kwargs):
It uses the django.views.static view to serve the found files.
"""
if not settings.DEBUG and not insecure:
- raise ImproperlyConfigured("The staticfiles view can only be used in "
- "debug mode or if the --insecure "
- "option of 'runserver' is used")
+ raise Http404
normalized_path = posixpath.normpath(unquote(path)).lstrip('/')
absolute_path = finders.find(normalized_path)
if not absolute_path:
View
6 docs/ref/contrib/staticfiles.txt
@@ -350,6 +350,12 @@ This view function serves static files in development.
**insecure**. This is only intended for local development, and should
**never be used in production**.
+.. versionchanged:: 1.7
+
+ Will now raise an :exc:`~django.http.Http404` exception instead of
+ :exc:`~from django.core.exceptions.ImproperlyConfigured` when
+ :setting:`DEBUG` is ``True``.
+
.. note::
To guess the served files' content types, this view relies on the
View
8 docs/releases/1.7.txt
@@ -122,6 +122,14 @@ Miscellaneous
* Loading empty fixtures emits a ``RuntimeWarning`` rather than raising
:class:`~django.core.management.CommandError`.
+* :view:`~django.contrib.staticfiles.views.serve` will now raise an
+ :exc:`~django.http.Http404` exception instead of
+ :exc:`~from django.core.exceptions.ImproperlyConfigured` when :setting:`DEBUG`
+ is ``True``. This change removes the need to conditionally add the view to
+ your root URLconf, which in turn makes it safe to reverse by name. It also
+ removes the ability for visitors to generate spurious HTTP 500 errors by
+ requesting static files that don't exist or haven't been collected yet.
+
Features deprecated in 1.7
==========================
View
3  tests/staticfiles_tests/tests.py
@@ -650,8 +650,7 @@ def setUp(self):
settings.DEBUG = False
def test_disabled_serving(self):
- six.assertRaisesRegex(self, ImproperlyConfigured, 'The staticfiles view '
- 'can only be used in debug mode ', self._response, 'test.txt')
+ self.assertFileNotFound('test.txt')
class TestServeStaticWithDefaultURL(TestServeStatic, TestDefaults):
Please sign in to comment.
Something went wrong with that request. Please try again.