classification
Title: No longer able to override DATA_UPLOAD_MAX_MEMORY_SIZE outside of settings.py
Type: security Stage: resolved
Components: Versions: Python 3.7
process
Status: closed Resolution: third party
Dependencies: Superseder:
Assigned To: Nosy List: drew.scholz, eric.smith
Priority: normal Keywords:

Created on 2020-09-22 00:14 by drew.scholz, last changed 2020-09-22 15:28 by eric.smith. This issue is now closed.

Files
File name Uploaded Description Edit
decorators.py drew.scholz, 2020-09-22 00:14
Messages (4)
msg377293 - (view) Author: Drew Scholz (drew.scholz) Date: 2020-09-22 00:14
After upgrading our Django 1.11 project from Python 2.7 to 3.7, our single endpoint decorator to override django conf settings no longer works. requests.py inside the virtual environment /lib/python3.7/site-packages/django/http triggers the RequestDataTooBig exception (~line 271) before the change to DATA_UPLOAD_MAX_MEMORY_SIZE has been increased by our decorator. We are able to make the change global inside settings.py however we are concerned with the security vulnerabilities due to the size we want to allow for the single endpoint.
msg377310 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2020-09-22 11:14
This seems like a Django specific error, in which case this isn't the correct bug tracker to report the problem.

Can you reproduce a problem with just straight Python, without using Django?
msg377337 - (view) Author: Drew Scholz (drew.scholz) Date: 2020-09-22 15:26
I think you are right. I'll move this to the Django bug tracker. 

Thank you.
msg377338 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2020-09-22 15:28
No problem. Good luck!
History
Date User Action Args
2020-09-22 15:28:21eric.smithsetstatus: open -> closed
resolution: third party
messages: + msg377338

stage: resolved
2020-09-22 15:26:56drew.scholzsetmessages: + msg377337
2020-09-22 11:14:59eric.smithsetnosy: + eric.smith
messages: + msg377310
2020-09-22 00:14:10drew.scholzcreate