(I discussed this issue before with Florian Apolloner in secu...@djangoproject.com
, and we decided to open a thread here).
Consider simple view:
def patch(self, request, *args, **kwargs):
Next, consider request:
It will return 'test', as expected.
But, with the next request,
For example, django-rest-framework is calling `request.read()` in it's parsers,
and this lib is popular, so every POST or PATCH request may cause this
Without proper frontend server configuration, server may become vulnerable to some DoS-attacks.
At least, this issue should be documented, but I believe that there is a way to resolve it in code,
without hoping that frontend server will deal with it.