Dan Bader

How to stop Django Rest Framework from leaking docstrings into OPTIONS responses

When you make an HTTP OPTIONS request against an endpoint in a Django Rest Framework app you might be surprised about what you’ll find in the response to that request.

In its default configuration Rest Framework returns a bunch of metadata that you might not want to return as part of the response. Here’s an example:

$ http OPTIONS localhost:8000/api/v1/test/
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:23:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie
{
    "description": "This is the docstring of the view handling the
        request\nThis might contain information you don't want to leak
        out in an OPTIONS request.\n",
    "name": "Test Endpoint",
    "parses": [
        "application/x-www-form-urlencoded",
        "multipart/form-data",
        "application/json"
    ],
    "renders": [
        "application/json"
    ]
}

As you can see, by default the response includes the full docstring for the view as part of the description field. If that’s not what you want you can configure the metadata returned by Django Rest Framework through the metadata scheme mechanism.

Here’s a null metadata scheme that configures OPTIONS responses to be empty:

from rest_framework.metadata import BaseMetadata

class NoMetaData(BaseMetadata):
    def determine_metadata(self, request, view):
        return None

To set that metadata class globally we can use the DEFAULT_METADATA_CLASS setting in Rest Framework:

REST_FRAMEWORK = {
    'DEFAULT_METADATA_CLASS': 'yourapp.metadata.NoMetaData'
}

When we make the same OPTIONS request now we get the empty response we wanted:

$ http OPTIONS localhost:8000/api/v1/test/
HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:42:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie

Improve Your Python with a fresh 🐍 Python Trick 💌 every couple of days

🔒 No spam ever. Unsubscribe any time.

This article was filed under: django, programming, python, and web-development.

Related Articles:
Latest Articles:
  • Context Managers and the “with” Statement in Python – The “with” statement in Python is regarded as an obscure feature by some. But when you peek behind the scenes of the underlying Context Manager protocol you’ll see there’s little “magic” involved.
  • Installing Python and Pip on Windows – In this tutorial you’ll learn how to set up Python and the Pip package manager on Windows 10, completely from scratch.
  • Sublime Text Settings for Writing Clean Python – How to write beautiful and clean Python by tweaking your Sublime Text settings so that they make it easier to adhere to the PEP 8 style guide recommendations.
  • How Sublime Text’s Preferences Work – Sublime Text uses a powerful text-based settings system that can be a little intimidating when you encounter it for the first time. This article gives an overview of the system and points out some common mistakes to avoid.
  • Writing Clean Python With Namedtuples – Python comes with a specialized “namedtuple” container type that doesn’t seem to get the attention it deserves. It’s one of these amazing features in Python that’s hidden in plain sight.
  • Lambda Functions in Python: What Are They Good For? – An introduction to “lambda” expressions in Python: What they’re good for, when you should use them, and when it’s best to avoid them.
← Browse All Articles