In Django, the middleware is a lightweight plugin that processes during the request and the response execution. Middleware is used to perform a function in the application. These functions can be a security, session, csrf protection, authentication etc.
Django provides various built-in middleware and also allow us to write our own middleware. settings.py file of the Django project contains various middleware that is used to provides functionalities to the application. For example, Security Middleware is used to maintain the security of the application.// settings.py
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]
Middleware is a class that takes the argument as get_response and then returns a response.
class FirstMiddleware: def __init__(self, get_response): self.get_response = get_response def __call__(self, request): response = self.get_response(request) return response
It must accept the get_response argument because Django initializes middleware only with it.
To activate the middleware we have to add it to the MIDDLEWARE list of the settings.py file.
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XframeOptionsMiddleware', 'add new created middleware here' ]
Middleware applies in the order it is defined in the MIDDLEWARE list and each middleware class is a layer. The MIDDLEWARE list is like an onion so each request passes through top to the bottom and response will be in reverse order (bottom to up).
We also have three more methods to add more features to our middleware.process_view(request, view_func, view_args, view_kwargs )
It takes the HttpRequest object, function object, list of arguments passed to the view or a dictionary of arguments respectively.
This method executes just before the calling of the view. It returns either None or the HttpResponse. If it returns an HttpResponse then it stops processing and return the result.process_template_response(request,response)
It takes two arguments, first is a reference of the HttpRequest and second is the HttpResponse object. This method is called just after the view finishes the execution.
It returns a response object which implements the render method.process_exception(request, exception)
This method takes two arguments, first is the HttpRequest object and second is the Exception class object that is raised by the view function.
This method returns either None or the HttpResponse object. If it returns a response then the middleware will be applied and the result returns to the browser. Otherwise, the exception is handled by the default handling system.