Question

I made a custom handler404 for a authenticated Django website to avoid information leakage.

def check_logged_in_404(request):
    """ Custom 404. Show friendly 404 when logged in and redirect to /login
    when not logged in.
    """
    if request.user.is_authenticated():
        return render_to_response( 404.html )
    else:
        return HttpResponseRedirect( /login )

Functionally it does exactly what I want. However the 404 return page has a status 200, which is correct code-wise. But this obviously needs to be a 404 return status.

A raise404 doesn t work because, if not ending in a infinite recursion, it comes back here and thus results in the same issue.

I tried a HttpResponseNotFound, but this only takes a string as a argument and not a template, which is not to DRY-ish.

And I manually tried to set the header with:

    response = render_to_response( 404.html )
    response[ Status ] = "Not Found - 404"
    return response

Then the status header is indeed set but the browser still shows up a 200.

I m out of options .. Anybody that has tips, please be my hero ... :)

Thanx and regards,

Gerard.

Edit: I tried the status field value in all sort btw, but no luck :(

Answer 1

I d use render_to_string and HttpResponseNotFound, e.g. return HttpResponseNotFound(render_to_string( 404.html )).

Answer 2

I finally found why the returned status code didnt work. Instead of setting a header message, it simply is:

response.status_code = 404

Nevertheless, the code suggested by PiotrLegnica definitely wins on simplicity, readability and beauty .. The badge still stands ;)

Regards,

Gerard.

Answer 3

Based on suggestions above, here is my short version of 404, 500 handlers:

def handler404(request):
    response = render_to_response( 404.html , {},
                                  context_instance=RequestContext(request))
    response.status_code = 404
    return response


def handler500(request):
    response = render_to_response( 500.html , {},
                                  context_instance=RequestContext(request))
    response.status_code = 500
    return response

Answer 4

You can use render method:

from django.shortcuts import render

Returns a HttpResponse whose content is filled with the result of calling django.template.loader.render_to_string() with the passed arguments.

Uses a RequestContext by default.

Example:

return render(request,  404.html , status=404)

And with keywords:

return render(request,  404.html , { data :  some data }, status=404)

Answer 5

Why don t you just use Http404 exception?

if request.user.is_authenticated():
    raise Http404
else:
    return HttpResponseRedirect( /login )

That should be just fine for you.

Answer 6

You could do something like the example below.

Into your application s urls.py add:

# Imports
from django.conf.urls.static import static
from django.conf.urls import handler404
from django.conf.urls import patterns, include, url
from yourapplication import views

##
# Handles the URLS calls
urlpatterns = patterns(  ,
    # url(r ^$ , include( app.homepage.urls )),
)

handler404 = views.error404

Into your application s views.py add:

# Imports
from django.shortcuts import render
from django.http import HttpResponse
from django.template import Context, loader


##
# Handle 404 Errors
# @param request WSGIRequest list with all HTTP Request
def error404(request):

    # 1. Load models for this view
    #from idgsupply.models import My404Method

    # 2. Generate Content for this view
    template = loader.get_template( 404.htm )
    context = Context({
         message :  All: %s  % request,
        })

    # 3. Return Template for this view + Data
    return HttpResponse(content=template.render(context), content_type= text/html; charset=utf-8 , status=404)

The secret is in the last line: status=404

Hope it helped!

I look forward to see the community inputs to this approach. =)

友情链接