Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #11340 -- Prevented HttpResponseNotModified to have content/con…

…tent-type

The HTTP 1.1 spec tells that the 304 response MUST NOT contain a
message body.
Thanks aparajita for the report.
  • Loading branch information...
commit 7cfe8e8fce7677ec696f42a7d1501a97e8191a3d 1 parent e2b4edd
Claude Paroz authored August 22, 2012
10  django/http/__init__.py
@@ -744,6 +744,16 @@ class HttpResponsePermanentRedirect(HttpResponseRedirectBase):
744 744
 class HttpResponseNotModified(HttpResponse):
745 745
     status_code = 304
746 746
 
  747
+    def __init__(self, *args, **kwargs):
  748
+        super(HttpResponseNotModified, self).__init__(*args, **kwargs)
  749
+        del self['content-type']
  750
+
  751
+    @HttpResponse.content.setter
  752
+    def content(self, value):
  753
+        if value:
  754
+            raise AttributeError("You cannot set content to a 304 (Not Modified) response")
  755
+        self._container = []
  756
+
747 757
 class HttpResponseBadRequest(HttpResponse):
748 758
     status_code = 400
749 759
 
2  django/views/static.py
@@ -61,7 +61,7 @@ def serve(request, path, document_root=None, show_indexes=False):
61 61
     mimetype = mimetype or 'application/octet-stream'
62 62
     if not was_modified_since(request.META.get('HTTP_IF_MODIFIED_SINCE'),
63 63
                               statobj.st_mtime, statobj.st_size):
64  
-        return HttpResponseNotModified(content_type=mimetype)
  64
+        return HttpResponseNotModified()
65 65
     with open(fullpath, 'rb') as f:
66 66
         response = HttpResponse(f.read(), content_type=mimetype)
67 67
     response["Last-Modified"] = http_date(statobj.st_mtime)
5  docs/ref/request-response.txt
@@ -743,8 +743,9 @@ types of HTTP responses. Like ``HttpResponse``, these subclasses live in
743 743
 
744 744
 .. class:: HttpResponseNotModified
745 745
 
746  
-    The constructor doesn't take any arguments. Use this to designate that a
747  
-    page hasn't been modified since the user's last request (status code 304).
  746
+    The constructor doesn't take any arguments and no content should be added
  747
+    to this response. Use this to designate that a page hasn't been modified
  748
+    since the user's last request (status code 304).
748 749
 
749 750
 .. class:: HttpResponseBadRequest
750 751
 
12  tests/regressiontests/httpwrappers/tests.py
@@ -6,7 +6,7 @@
6 6
 
7 7
 from django.core.exceptions import SuspiciousOperation
8 8
 from django.http import (QueryDict, HttpResponse, HttpResponseRedirect,
9  
-                         HttpResponsePermanentRedirect,
  9
+                         HttpResponsePermanentRedirect, HttpResponseNotModified,
10 10
                          SimpleCookie, BadHeaderError,
11 11
                          parse_cookie)
12 12
 from django.utils import six
@@ -330,6 +330,16 @@ def test_unsafe_redirect(self):
330 330
                               HttpResponsePermanentRedirect, url)
331 331
 
332 332
 
  333
+class HttpResponseSubclassesTests(unittest.TestCase):
  334
+    def test_not_modified(self):
  335
+        response = HttpResponseNotModified()
  336
+        self.assertEqual(response.status_code, 304)
  337
+        # 304 responses should not have content/content-type
  338
+        with self.assertRaises(AttributeError):
  339
+            response.content = "Hello dear"
  340
+        self.assertNotIn('content-type', response)
  341
+
  342
+
333 343
 class CookieTests(unittest.TestCase):
334 344
     def test_encode(self):
335 345
         """

0 notes on commit 7cfe8e8

Please sign in to comment.
Something went wrong with that request. Please try again.