Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django custom handler404 shows 404 but gives header 200

I made a custom handler404 for a authenticated Django website to avoid information leakage.

def check_logged_in_404(request):
    """ Custom 404. Show friendly 404 when logged in and redirect to /login
    when not logged in.
    """
    if request.user.is_authenticated():
        return render_to_response('404.html')
    else:
        return HttpResponseRedirect('/login')

Functionally it does exactly what I want. However the 404 return page has a status 200, which is correct code-wise. But this obviously needs to be a 404 return status.

A raise404 doesn't work because, if not ending in a infinite recursion, it comes back here and thus results in the same issue.

I tried a HttpResponseNotFound, but this only takes a string as a argument and not a template, which is not to DRY-ish.

And I manually tried to set the header with:

    response = render_to_response('404.html')
    response['Status'] = "Not Found - 404"
    return response

Then the status header is indeed set but the browser still shows up a 200.

I'm out of options .. Anybody that has tips, please be my hero ... :)

Thanx and regards,

Gerard.

Edit: I tried the status field value in all sort btw, but no luck :(

like image 561
GerardJP Avatar asked Nov 28 '09 12:11

GerardJP


1 Answers

I'd use render_to_string and HttpResponseNotFound, e.g. return HttpResponseNotFound(render_to_string('404.html')).

like image 118
Cat Plus Plus Avatar answered Oct 22 '22 13:10

Cat Plus Plus