Question

EXAMPLE1:

def example(request):
    if request.method=="POST":
        if request.is_ajax():
            #do something

EXAMPLE2:

def example(request):
    if request.method=="POST":
        if request.is_ajax():
            #do something
        else:
            #do something
    else:
        #do something

If django project has that above EXAMPLE1 code, even it doesn't have any else: statement like EXAMPLE2, is it okay to run real service?

I wonder absense of else: statement will be chance of being abused or some bad things.

In real service, Do I have to consider statement almost case of request?

Answer 1

问题是主观。但经验法则是，您不希望在任何您不愿意提供的方法上公开任何URL端点 - 最好返回405（方法不允许）（或404 - 在某种程度上）代替。查看list of HTTP status codes。

如果我是你，我肯定会实施你的第二个例子。

请注意，如果您要在任何端点返回404，则可以轻松customize logging of 404 entries using django's error reporting system。

Django in real service, Do I have to set these if else statements to prevent abuse?

1 个答案: