Improve handling when DJDT views don't respond with JSON

[TreyWW]

Sidebar loads fine until you press any of the buttons, for example "Cache".

As soon as i press it i get

VM14865:2 Uncaught (in promise) SyntaxError: Unexpected token '<', "
<html>

<h"... is not valid JSON

I load django toolbar at the start so

urlpatterns = [

]
if settings.DEBUG:
    import debug_toolbar

    urlpatterns += [
        url("__debug__/", include(debug_toolbar.urls)),
    ]

urlpatterns += [] # my normal urls

Also does it after my normal urls. Does it in all of my projects now, not sure why but it's really annoying. One of my other test pages calls a request every 7 seconds, and each time it fetches data i get that error on my screen. So annoying.

I'm happy to provide more details

Thanks :)

---

Edit from Tim:

This issue is because the toolbar views have some authorization logic wrapping them causing the responses to be HTML rather than JSON. Our JS frontend should identify when the responses don't match expectations and notify the user of such to make it easier to diagnose.

[TreyWW]

Also error comes from here

[tim-schilling]

Can you share what's going on in the network panel of the browser developer tools? Something is returning an html response when it's not expected.

[TreyWW]

Sure thing

aha, http://127.0.0.1:8000/login/?next=/__debug__/history_sidebar/%3Fstore_id%3D221f0a9e2ea44d7ba227eddf737e62d7

By that i assume it's trying to login to view things. I need to find the url name to an allowed list to avoid it being blocked I'll let you know if i cant find it

[tim-schilling]

As an aside, the preferred terms for that type of functionality are allow-list and deny-list. I know you're not from the US so there are some contextual differences, but whitelist and blacklist have their roots in systematic racism and discrimination in the US.

[TreyWW]

My apologies, i've never heard of that being offensive before, sorry.

I added name="django_toolbar" and added that to my login allow_list but seems its a list of urls it still gets blocked. Not quite sure what else to try

I use https://pypi.org/project/django-login-required-middleware/

[tim-schilling]

Thank you for being understanding!

---

What if you include r'/__debug__/' in LOGIN_REQUIRED_IGNORE_PATHS rather than the URL name?

[TreyWW]

Yeah i've added

LOGIN_REQUIRED_IGNORE_PATHS = [
    r"/login/$", r"^__debug__/$", r"debug__/$", r"__debug__/$",
]

But still same error

[tim-schilling]

Thank you for sharing that. It's because $ is an indicator for the last character in the string. If you want to match anything that starts with just __debug__/ you need to remove that character.

[TreyWW]

r"__debug__/" still gives an error too

[tim-schilling]

Does it need the leading /?

[TreyWW]

Sorry missed the message, yep you were right, works fine with

LOGIN_REQUIRED_IGNORE_PATHS = [
    r"/login/$", r"__debug__",
]

Thank you @tim-schilling

[tim-schilling]

Re-opening because I'm re-purposing the issue

[TreyWW]

Hmm, i'm attempting to do this fix on my other project and this still doesn't work even with

LOGIN_REQUIRED_IGNORE_PATHS = [
    r"/login/$", r"__debug__"
]

[TreyWW]

Fixed again had to have /__debug__/ to this one as well as __debug__

[matthiask]

Yeah, the middleware uses re.match, not re.search: https://github.com/CleitonDeLima/django-login-required-middleware/blob/d4535f5a9f61d4d24012fbbbd1d32d4d9b7002bf/login_required/middleware.py#L26

Therefore you have to use a regex which matches from the beginning, not somewhere inside.

(You could try r".*__debug__" but that might be too broad.)

[folt]

I have the same problem. The example from the documentation results in an error. path("__debug__/", include("debug_toolbar.urls"))

[tim-schilling]

@folt I appreciate you voicing your support for this issue. What's would be helpful for this issue is including the actual error to confirm that it is indeed the error that this issue is regarding. If it's not the same error, then this is not the appropriate place for that message.

[folt]

On some of my projects I get this error. But it did not block their work and I rarely include django-debug-toolbar in the production environment. That's why I always ignored this error.

After doing some research, I realized that the problem is with ajax requests. Then I found the issue https://github.com/jazzband/django-debug-toolbar/pull/1610 (Automatically update History panel on AJAX requests from client.) I don’t see any problems locally, but the error appears on the server. It seems that the issue is that the automatic switching of History panel on AJAX does not work under certain conditions.

@tim-schilling

[tim-schilling]

@folt Understood. Could you please create a new issue with the error and how to reproduce it?