Generally speaking, there should be consistent handling of `SCRIPT_NAME`
in the settings -- either consider it for all settings or for none.
--
Ticket URL: <https://code.djangoproject.com/ticket/28473>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Comment (by Tim Graham):
I guess the idea would be to use `request.path_info` instead of
`request.path` in the
[https://github.com/django/django/blob/5cb7619995bd8df2969d4e92984768a4f14af89b/django/middleware/security.py#L21
SecurityMiddleware]?
Can you elaborate on the use case and how the behavior will change? Could
the change break existing working configurations?
--
Ticket URL: <https://code.djangoproject.com/ticket/28473#comment:1>
Comment (by Jonas Haag):
See #25598 for discussion of the use case (the setting should be
independent from the subpath the application is mounted at). This breaks
existing sites, yes. I haven't had a look into the implementation.
--
Ticket URL: <https://code.djangoproject.com/ticket/28473#comment:2>
* component: Uncategorized => HTTP handling
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/28473#comment:3>