i am experimenting with UTF-8 for usernames in a django app.
Django is Version 3.2.11
Python used is 3.9.4
Some users might have a profile visible to others and ther username in the url:
re_path("^u/(?P<username>\w+)/$", views.author_profile_view, name="author_profile_view"),
Normal Example works fine:
Browser shows -> /u/brainyChowder3/
Django shows -> GET /u/brainyChowder3/ HTTP/1.1" 200 10593
UTF-8 example 1 works also fine:
Browser shows -> /u/ɊȁⱲÒđΈⱦİĬd/
Django shows -> GET /u/%C9%8A%C8%81%E2%B1%B2%C3%92%C4%91%CE%88%E2%B1%A6%C4%B0%C4%ACd/ HTTP/1.1" 200 12508
But this UTF-8 does not work:
Browser shows -> /u/ɂáⱳ1⁄4%7Cĭğę
Django shows -> "GET /u/%C9%82%C3%A1%E2%B1%B31%E2%81%844%7C%C4%AD%C4%9F%C4%99 HTTP/1.1" 404 5585
The browser does show it strange, as he does not "translate" %7C to |, but that should be just optical?
Error shown is just
Page not found (404)
Request Method: GET
Request URL: http://127.0.0.1:8000/u/%C9%82%C3%A1%E2%B1%B31%E2%81%844%7C%C4%AD%C4%9F%C4%99
The current path, u/ɂáⱳ1⁄4|ĭğę, didn’t match any of these.
In Django shell I can query this user:
>>> User.objects.get(username='ɂáⱳ1⁄4|ĭğę')
<User: ɂáⱳ1⁄4|ĭğę>
The URI decoding looks ok to me.
I hope someone can explain why this is happening to one UTF-8 string, but not the other. Or maybe even knows how to fix it? :-D
I know it may not be the smartes thing to allow all UTF-8 for usernames, but this is more an experiment for me.
Thanks
The reason this happens has nothing to do with UTF-8, but with the fact that the username contains a non-word character (a character not matched by \w): a character that is not allowed for the <str:…> path converter. You can work with a <path:…>:
path('u/<path:username>/', some_view, name='some_name')
Related
I was sending the get request like this:
http:121.0.0.1:8000/userlogin/userName=test&password=12345#%
but accepted like this:
"GET /userlogin?username=admin&password=12345 HTTP/1.1" 403 2868
The # and % symbols were not received.
I cannot understand what happened here?
URL parameters have certain allowed characters in them, as explained in this question: https://stackoverflow.com/a/1455639/1726625
I suggest editing your password settings, and allowing/disallowing those characters and/or changing the method that you're using to not passing them as a URL parameter.
Could you ellaborate on the case that you need that for?
Working on a Django/React app. I have some verification emails links that look like the following:
https://test.example.com/auth/security_questions/f=ru&i=101083&k=7014c315f3056243534741610545c8067d64d747a981de22fe75b78a03d16c92
In dev env this works fine, but now that I am getting it ready for production, it isn't working. When I click on it, it converts it to:
https://test.example.com/auth/security_questions/f%3Dru&i%3D101083&k%3D7014c315f3056243534741610545c8067d64d747a981de22fe75b78a03d16c92/
This prevents react-router-dom from matching the correct URL, so a portion of the web application does not load properly.
The link is constructed using the following.
link = '%s/auth/security_questions/f=%s&i=%s&k=%s' % \
('https://test.example.com', 'ru', user.id, user.key)
Also, here is the url() that is catching the route:
url(r'^(?:.*)/$', TemplateView.as_view(template_name='index.html')),
These variables are supposed to be query parameters in a GET request. When you construct the link, you'll need to have a question mark in there somewhere separating the URL from the query string:
https://test.example.com/auth/security_questions/?f=ru&i=101083&k=7014c315...
^
|___ here
The conversion of = to url-encoded %3D etc is correct, and equivalent. Sometimes variables are part of the URL directly, but webapps don't use &-separated key/value pairs in that case.
I use Django 1.6.5.
I managed to view pdf in my google chrome using this code:
def generate_pdf(request):
...
with open("students.pdf", 'r') as pdf:
response = HttpResponse(pdf.read(), 'application/pdf')
return response
However I noticed that the view is called twice which isn't cool since I have pdf generation code in this view.
[31/May/2014 00:35:07] "GET /students/pdf/ HTTP/1.1" 200 18040
[31/May/2014 00:35:08] "GET /students/pdf/ HTTP/1.1" 200 18040
When I change the HttpResponse to look like this:
response = HttpResponse(pdf.read())
Then It will like the pdf opened in notepad. The pdf obviously doesn't render but the view is run only once.
Why adding just 'application/pdf' to my HttpResponse causes the view to run twice? :(
Before, I tested this only on Google Chrome. When testing on Firefox everything worked fine. What was more weird for me was that on my friend's laptop everything worked fine on chrome (by worked fine I mean view run only once). Then I had this thought - maybe some of the chrome extensions caused this? The anwer is YES.
My Google Chrome's AdBlocks caused the django view to run twice.
on deployment (Django + Dreamhost + passenger_wsgi)
in my urls.py:
url(ur'^(?P<url>.+)/$', 'alp.news.views.blog_dispatcher', name='blog_dispatcher'),
the link:
domain.name/%D0%98%D0%BD%D1%84%D0%B02/
leads to (looks like redirection):
domain.name/%25d0%2598%25d0%25bd%25d1%2584%25d0%25b02/
so, the "url" variable in my view = "%25d0%2598%25d0%25bd%25d1%2584%25d0%25b02"
locally (or using dev server)
When I use runserver command, even on deployment, it works well.
Ofcourse I could use urllib and unquote the url in my view, but the string in url still transforming '%' -> '%25'.
Have no idea, where does the magic begin: in passenger or wsgi app
May be someone could clear up ...
the magic was in dreamhost's 301 redirection, which double-quoted the path
I've made a Django application that uses tags. When i use tag 'c#' and try to redirect to mysiteaddress/tags/c# on server it redirects to ../tags/c and shows me stuff connected to 'c' tag, but when I do the same on my local development machine it redirects me to c%23 and works correctly. What should I change to make it work on production server?
Without more code I can't be too specific, but '#' corresponds to the character escape sequence %23 and something in your code may need to explicitly escape 'c#' before putting it in the url.
Here is a django-snippet that uses url-quoting:
http://www.djangosnippets.org/snippets/1159/
The solution to your problem might look like this:
from django.utils.http import urlquote
...
tag = urlquote(tag)
tag_url = base + "tags/" + tag
...