Middleware
Paranoid Mode
Views in Django are considered public until they are marked otherwise (for example, with the
login_required() decorator or the
LoginRequiredMixin). This is somewhat unfortunate as it makes
it easier to accidentally expose pages that were intended to be used only by logged in users,
therefore we provide a middleware that makes all pages require login except when they are
explicitly marked as public.
- class django_logikal.security.LoginRequiredByDefaultMiddleware
Require login on all views by default.
Public views must be marked explicitly via the
public()decorator or by inheriting fromPublicVieworPublicViewMixin.Warning
When this middleware is used, you must mark all public views explicitly, including views included from applications like
django.contrib.admin. You may use the URL utility functions which provide such explicitly marked public views where necessary.Note
All standard settings modules include this middleware by default.
HTML Validation
- class django_logikal.validation.ValidationMiddleware
Validate HTML responses for all requests.
Note
Requires pytest-logikal to be installed.