Drop `django-debreach` - Githubissues

vintasoftware / django-react-boilerplate

Django 5, React, Bootstrap 5 with Python 3 and Webpack project boilerplate

MIT License

2.01k stars 481 forks source link

Drop `django-debreach` #666

Closed pamella closed 6 months ago

pamella commented 6 months ago

Description

Drop django-debreach due to the breach attach mitigation (HTB) added in django 4.2

https://docs.djangoproject.com/en/5.0/ref/middleware/\#django.middleware.gzip.GZipMiddleware

Motivation and Context

Resolves #665

Screenshots (if appropriate):

Steps to reproduce (if appropriate):

Add "django.middleware.gzip.GZipMiddleware" to a testing django app, and make sure requests are using gzip as Content-Encoding and the Content-Length is now changing randomly for the same request.

Screencast from 27-05-2024 15:31:49.webm

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

[X] My code follows the code style of this project.
[X] My change requires documentation updates.
[X] I have updated the documentation accordingly.
[X] My change requires dependencies updates.
[X] I have updated the dependencies accordingly.