New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed #24137 -- Use default reason phrases from HTTP standard. #3902
Conversation
Hah. I've always used the all caps as a hint that it's django serving the request :). |
That seems like an opportunity for a malicious user to sniff that a page was served by a Django application server. |
Is there a specific reason to duplicate this dict in Django? |
I'm happy to alter the code to use the values from Python stdlib. Should this still be assigned to the variable REASON_PHRASES for backwards compatibility or is that considered an internal detail? |
There is an import in # For backwards compatibility -- lots of code uses this in the wild!
from django.http.response import REASON_PHRASES as STATUS_CODE_TEXT I'd like to keep that around for a while and add a deprecation. Another thing I'd like to see, is a note in the release notes under "Backwards incompatible changes" that the all-uppercase property for https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpResponse.reason_phrase (and others on that page) changes to the defaults provided through the Python stdlib. |
I have made the suggested changes:
Some thoughts from me:
|
try: | ||
from http.client import responses | ||
except ImportError: | ||
from httplib import responses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that we could make use of a six moved import: six.http_client
(https://pythonhosted.org/six/#module-six.moves)
TODO:
|
Found this upstream bug http://bugs.python.org/issue21793 and changeset https://hg.python.org/cpython/rev/edf669b13482 which resolves this concern. However, this does not help users of Python < 3.5. |
We can test the Python version and complete the dict for Python < 3.5 |
Or we can admit that reason phrases are purely cosmetic and leave it there :-) |
I have separated out the commits and added tests.
I have done this in the most recent commit.
I'm happy to remove the version check and leave the dictionaries as is. I agree, this shouldn't present a real problem as 1. These status codes are either later additions or non-standard 2. These phrases are intended only for humans. I'll do whatever is agreed upon here as the best course. Removing the version check will simplify the code any remove any future maintenance burden as versions go unsupported. |
I think I agree with Aymeric. I'd (personally) prefer simpler code: use whatever python provides and you can set the reason message by hand if you want more than that. REASON_PHRASES and STATUS_CODE_TEXT are both undocumented, so I don't think it makes sense to bend-over-backward just to raise a warning. Mentioning the changes in the release notes should be good enough it seems to me. If we were clever in our importing (like "from django.utils.six.moves.http_client import responses as REASON_PHRASES" and then keep using REASON_PHRASES) that could make things smoother for people. |
Thanks. @claudep How do you feel about these responses? At this point is there consensus? Is it worth still raising this issue on django-developers? Or should I tear out the version check?
Are you suggesting I drop the deprecation path? Documenting the change is sufficient?
My opinion, either we support the |
Yes, we don't need to have deprecation paths for undocumented features, unless they're really popular. |
OK. I don't have a problem with this. But, this is in contrast to the comment above from @MarkusH
I'm OK going either way on this, I just need some consensus so I know what to implement. |
I have updated my PR and incorporated feedback. Some feedback is conflicting, but I chose what seems most appropriate and preferred by most people.
Any additional feedback is welcome. Thanks. |
But what's the point? IMHO using
and
These are both internal, undocumented module "constants" that simply shadow a stdlib constant. I see no hard evidence that these are popular. So I've taken the approach of simply mentioning them in the release notes. I feel adding this shim only adds noise to the code -- makes reading and searching more tedious -- without solving a real problem. If adding |
Good point. lgtm. |
@@ -303,3 +303,11 @@ removed in Django 1.9 (please see the :ref:`deprecation timeline | |||
* Private API ``django.test.utils.TestTemplateLoader`` is removed. | |||
|
|||
* The ``django.contrib.contenttypes.generic`` module is removed. | |||
|
|||
* ``django.http.responses.REASON_PHRASES`` and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This documentation is in the wrong section -- these are features that have gone through a deprecation cycle. The section you want is "Backwards incompatible changes"
@timgraham All feedback incorporated in the latest version.
This worked great! Thanks for the tip. Is it worth adding a |
Could you please rebase your branch on top of master? |
Done. Thanks. |
buildbot, test this please |
Probably not worth adding Python 2 to intersphinx at this point. merged in 24b2bc6. Thanks Jon and all reviewers! |
No description provided.