(I discussed this issue before with Florian Apolloner in
secu...@djangoproject.com, and we decided to open a thread here).
Consider a simple view:
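    from django.http import HttpResponse
    from django.views.generic import View

    class MyView(View):
        def patch(self, request, *args, **kwargs):
            # Read the request body from the underlying stream.
            request.read()
            return HttpResponse('test')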
Next, consider the request:
It will return 'test', as expected.
But, with the next request,
For example, django-rest-framework is calling `request.read()` in its parsers,
and this lib is popular, so every POST or PATCH request may cause this
issue.
Without proper frontend server configuration, the server may become vulnerable to some DoS attacks.
At least, this issue should be documented, but I believe that there is a way to resolve it in code,
without hoping that the frontend server will deal with it.