1. Jesper Nøhr
  2. django-piston
Issue #85 new

Middleware can break django piston PUT/POST coercion

Paul Carduner
created an issue

Here is the exception that first got me onto this bug (for googlers):

//AttributeError: You cannot set the upload handlers after the upload has been processed.//

After much debugging, I discovered that I was using request middleware that inspects POST data for a session key:

{{{

!python

class PostSessionMiddleware(SessionMiddleware): """Session middleware that supports extracting the session id from post data."""

def process_request(self, request):
    session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
    if session_key is None:
        session_key = request.POST.get(settings.SESSION_COOKIE_NAME, None)

    engine = import_module(settings.SESSION_ENGINE)
    request.session = engine.SessionStore(session_key)

}}}

This middleware is required if you use sessions to maintain authentication and want to send authenticated put requests via flash, which doesn't send browser cookies.

The request middleware is run before piston code is called, and so by the time piston does get called, the request PUT/POST data has already been processed, and piston.utils.coerce_put_post fails with the above exception.

I don't feel comfortable enough with the internals of Django's request processing to know what the best solution is, but something that at least works with django 1.1 is to only run coerce_put_post if not hasattr(request, "_files").

I will be fixing this in my fork shortly.

Comments (5)

  1. Anonymous

    I had to do a small modification to your patch to get things working...

    the line 'request.PUT = request.POST' should still execute so I just decreased its indent and it did the trick...

  2. Anonymous

    well I had to throw it away after all, issues popped up afterwards, instead of patching things around Im just calling the function in a middleware now...

  3. Log in to comment