Python Training by Dan Bader

How to stop Django Rest Framework from leaking docstrings into OPTIONS responses

When you make an HTTP OPTIONS request against an endpoint in a Django Rest Framework app you might be surprised about what you’ll find in the response to that request.

In its default configuration Rest Framework returns a bunch of metadata that you might not want to return as part of the response. Here’s an example:

$ http OPTIONS localhost:8000/api/v1/test/
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:23:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie
{
    "description": "This is the docstring of the view handling the
        request\nThis might contain information you don't want to leak
        out in an OPTIONS request.\n",
    "name": "Test Endpoint",
    "parses": [
        "application/x-www-form-urlencoded",
        "multipart/form-data",
        "application/json"
    ],
    "renders": [
        "application/json"
    ]
}

As you can see, by default the response includes the full docstring for the view as part of the description field. If that’s not what you want you can configure the metadata returned by Django Rest Framework through the metadata scheme mechanism.

Here’s a null metadata scheme that configures OPTIONS responses to be empty:

from rest_framework.metadata import BaseMetadata

class NoMetaData(BaseMetadata):
    def determine_metadata(self, request, view):
        return None

To set that metadata class globally we can use the DEFAULT_METADATA_CLASS setting in Rest Framework:

REST_FRAMEWORK = {
    'DEFAULT_METADATA_CLASS': 'yourapp.metadata.NoMetaData'
}

When we make the same OPTIONS request now we get the empty response we wanted:

$ http OPTIONS localhost:8000/api/v1/test/
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:42:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie

<strong><em>Improve Your Python</em></strong> with a fresh 🐍 <strong>Python Trick</strong> 💌 every couple of days

Improve Your Python with a fresh 🐍 Python Trick 💌 every couple of days

🔒 No spam ever. Unsubscribe any time.

This article was filed under: django, programming, python, and web-development.

Related Articles:

🐍🐍 Peer-to-Peer Learning for Pythonistas PythonistaCafe is an invite-only, online community of Python and software development enthusiasts helping each other succeed and grow: » Learn more at pythonistacafe.com

Latest Articles:
Pip, PyPI, Virtualenv: How to Set It All Up

Pip, PyPI, Virtualenv: How to Set It All Up
Avoid common Python packaging pitfalls with this free email course:
» Click here to get the first lesson

← Browse All Articles