Django includes several middleware classes that handle security, session management, authentication, and other core functionalities. These middleware components are listed in MIDDLEWARE inside settings.py.
Enhances security by enforcing HTTPS, preventing clickjacking, and setting security headers.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
]

- Redirects HTTP requests to HTTPS when SECURE_SSL_REDIRECT = True.
- Adds the X-Content-Type-Options: nosniff header to prevent MIME-type sniffing.
- X-Frame-Options header.

Handles various HTTP enhancements, including URL normalization and redirecting missing slashes.
MIDDLEWARE = [
    'django.middleware.common.CommonMiddleware',
]

- Redirects /page to /page/ if APPEND_SLASH = True.
- DISALLOWED_USER_AGENTS.
- USE_ETAGS for caching.

Protects against Cross-Site Request Forgery (CSRF) attacks by validating CSRF tokens in requests.
MIDDLEWARE = [
    'django.middleware.csrf.CsrfViewMiddleware',
]

- Use {% csrf_token %} in forms for protection.

Associates users with requests, making request.user available in views.
MIDDLEWARE = [
    'django.contrib.auth.middleware.AuthenticationMiddleware',
]

- Sets request.user based on the session.
- Requires SessionMiddleware to be enabled.

Handles user sessions by enabling session storage in cookies or databases.
MIDDLEWARE = [
    'django.contrib.sessions.middleware.SessionMiddleware',
]

- request.session.

Protects against clickjacking by setting X-Frame-Options headers.
MIDDLEWARE = [
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

- X_FRAME_OPTIONS = 'ALLOW-FROM' is set.

Enables temporary messages between requests, used with Django’s messages framework.
MIDDLEWARE = [
    'django.contrib.messages.middleware.MessageMiddleware',
]

- Use django.contrib.messages.get_messages(request) to retrieve messages.

Enables language translation and timezone handling for internationalization.
MIDDLEWARE = [
    'django.middleware.locale.LocaleMiddleware',
]

- Uses LANGUAGE_CODE and LOCALE_PATHS for translations.

Each middleware component plays a specific role in handling requests, responses, and security features.
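
The middleware entries and settings described above can be checked mechanically before deployment. The audit below is an added example, not code from the original page or from Django: the name audit_settings, the sample dict and the host partner.example are constructed for illustration, and the two ordering rules are taken from Django's documented middleware ordering rather than from this page.

```python
# Added example, not Django's own code: audits a plain dict, so Django is not imported.
SECURITY = "django.middleware.security.SecurityMiddleware"
SESSION = "django.contrib.sessions.middleware.SessionMiddleware"
CSRF = "django.middleware.csrf.CsrfViewMiddleware"
AUTH = "django.contrib.auth.middleware.AuthenticationMiddleware"
MESSAGES = "django.contrib.messages.middleware.MessageMiddleware"
XFRAME = "django.middleware.clickjacking.XFrameOptionsMiddleware"

REQUIRED = [SECURITY, SESSION, CSRF, AUTH, XFRAME]
# (earlier, later): the later class reads request state that the earlier one sets.
MUST_PRECEDE = [(SESSION, AUTH), (SESSION, MESSAGES)]


def audit_settings(settings):
    """Return a list of findings for a dict of Django setting names to values."""
    findings = []
    middleware = list(settings.get("MIDDLEWARE", []))
    position = {path: index for index, path in enumerate(middleware)}

    for path in REQUIRED:
        if path not in position:
            findings.append(f"missing middleware: {path}")
    for earlier, later in MUST_PRECEDE:
        both = earlier in position and later in position
        if both and position[earlier] > position[later]:
            findings.append(f"order: {earlier} must be listed before {later}")

    # These settings only take effect when their middleware is installed.
    if SECURITY in position and settings.get("SECURE_SSL_REDIRECT", False) is not True:
        findings.append("SECURE_SSL_REDIRECT is not True: HTTP is not redirected")
    # Django 3.0+ defaults to DENY. ALLOW-FROM is obsolete and ignored by
    # current browsers, so a value using it gives no framing protection there.
    xfo = str(settings.get("X_FRAME_OPTIONS", "DENY")).upper()
    if XFRAME in position and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X_FRAME_OPTIONS={xfo!r} is not DENY or SAMEORIGIN")
    return findings


# Constructed sample: AuthenticationMiddleware precedes SessionMiddleware,
# CsrfViewMiddleware is absent, and X_FRAME_OPTIONS uses ALLOW-FROM.
SAMPLE = {
    "MIDDLEWARE": [SECURITY, AUTH, SESSION, XFRAME],
    "SECURE_SSL_REDIRECT": True,
    "X_FRAME_OPTIONS": "ALLOW-FROM https://partner.example",
}

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```

Django's own manage.py check --deploy command runs related checks against a real project's settings.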