How to stop Django Rest Framework from leaking docstrings into OPTIONS responses

By Dan Bader — Get free updates of new posts here.

When you make an HTTP OPTIONS request against an endpoint in a Django Rest Framework app you might be surprised about what you’ll find in the response to that request.

In its default configuration Rest Framework returns a bunch of metadata that you might not want to return as part of the response. Here’s an example:

$ http OPTIONS localhost:8000/api/v1/test/

HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:23:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie

{
    "description": "This is the docstring of the view handling the
        request\nThis might contain information you don't want to leak
        out in an OPTIONS request.\n",
    "name": "Test Endpoint",
    "parses": [
        "application/x-www-form-urlencoded",
        "multipart/form-data",
        "application/json"
    ],
    "renders": [
        "application/json"
    ]
}

As you can see, by default the response includes the full docstring for the view as part of the description field. If that’s not what you want you can configure the metadata returned by Django Rest Framework through the metadata scheme mechanism.

Here’s a null metadata scheme that configures OPTIONS responses to be empty:

from rest_framework.metadata import BaseMetadata

class NoMetaData(BaseMetadata):
    def determine_metadata(self, request, view):
        return None

To set that metadata class globally we can use the DEFAULT_METADATA_CLASS setting in Rest Framework:

REST_FRAMEWORK = {
    'DEFAULT_METADATA_CLASS': 'yourapp.metadata.NoMetaData'
}

When we make the same OPTIONS request now we get the empty response we wanted:

$ http OPTIONS localhost:8000/api/v1/test/

HTTP/1.0 200 OK
Allow: POST, OPTIONS
Content-Type: application/json
Date: Tue, 02 Mar 2016 8:42:00 GMT
Server: WSGIServer/0.2 CPython/3.5.1
Vary: Cookie

<strong><em>Improve Your Python</em></strong> with a fresh 🐍 <strong>Python Trick</strong> 💌 every couple of days

Improve Your Python with a fresh 🐍 Python Trick 💌 every couple of days

🔒 No spam ever. Unsubscribe any time.

This article was filed under: django, programming, python, and web-development.

Related Articles:

Parsing ISO 8601 timestamps in plain Django – “How do I parse an ISO 8601 formatted date in Django without bringing in extra dependencies?”
Debugging memory usage in a live Python web app – I worked on a Python web app a while ago that was struggling with using too much memory in production. A helpful technique for debugging this issue was adding a simple API endpoint that exposed memory stats while the app was running.
Generate and host your API documentation for free with open-source tools – How to generate documentation for a RESTful API as part of your continuous integration build and then automatically deploy it to a website. Includes a full example project on GitHub.
Sublime Text plugin review: Djaneiro – A review of Djaneiro, a Sublime Text plugin for Django development.
A countdown timer extension for Alfred – I wrote a countdown timer extension for the Alfred application launcher for OS X. The extension is open-source, written in Python and uses Mountain Lion’s user notifications.

Latest Articles:

Interfacing Python and C: The CFFI Module – How to use Python’s built-in CFFI module for interfacing Python with native libraries as an alternative to the “ctypes” approach.
Write More Pythonic Code by Applying the Things You Already Know – There’s a mistake I frequently make when I learn new things about Python… Here’s how you can avoid this pitfall and learn something about Python’s “enumerate()” function at the same time.
Working With File I/O in Python – Learn the basics of working with files in Python. How to read from files, how to write data to them, what file seeks are, and why files should be closed.
How to Reverse a String in Python – An overview of the three main ways to reverse a Python string: “slicing”, reverse iteration, and the classic in-place reversal algorithm. Also includes performance benchmarks.
Mastering Click: Writing Advanced Python Command-Line Apps – How to improve your existing Click Python CLIs with advanced features like sub-commands, user input, parameter types, contexts, and more.
Working with Random Numbers in Python – An overview for working with randomness in Python, using only functionality built into the standard library and CPython itself.

← Browse All Articles

🐍 Python Tricks 💌