4

I am using the middleware provided in https://gist.github.com/426829 to do cross site scripting.

However, when I add the middleware to MIDDLEWARE_CLASSES, I get the error:

ImproperlyConfigured: isn't a middleware module.

My MIDDLEWARE_CLASSES looks like this:

MIDDLEWARE_CLASSES = ('django.middleware.common.CommonMiddleware',
                      'django.contrib.sessions.middleware.SessionMiddleware',
                      'django.middleware.csrf.CsrfViewMiddleware',
                      'django.contrib.auth.middleware.AuthenticationMiddleware',
                      'django.contrib.messages.middleware.MessageMiddleware',
                      'TempMiddleware',)

I have not changed any code in the gist. process_request and process_response methods are there. I am on Ubuntu running the latest versions of Python and Django.

Dominic Rodger
  • 97,747
  • 36
  • 197
  • 212
sbidwai
  • 608
  • 9
  • 25
  • Show us your MIDDLEWARE_CLASSES setting. – Dominic Rodger Jan 16 '12 at 09:20
  • MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'TempMiddleware', ) – sbidwai Jan 16 '12 at 09:38
  • Its able to locate the middleware module though. As error reads - TempMiddleware isnt a middleware module. – sbidwai Jan 16 '12 at 09:41
  • yes. importing works in the shell. – sbidwai Jan 16 '12 at 09:49
  • 1
    What's `TempMiddleware` - the gist refers to `XsSharing`? – Dominic Rodger Jan 16 '12 at 09:56
  • Got it. Should have provided class name, rather than module name. Thanks for helping. But now getting "Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin." – sbidwai Jan 16 '12 at 10:04
  • looks from the gist like you need to set `XS_SHARING_ALLOWED_ORIGINS`, whatever that means. – Dominic Rodger Jan 16 '12 at 10:59
  • @DominicRodger Thanks. But solved the issue. Middleware I was using does not specify everything. I had to modify it to use allowed request headers. – sbidwai Jan 16 '12 at 11:05

2 Answers2

3

What's TempMiddleware? The name of the module, or the name of the class? As you can see with the other entries, you need the fully-qualified Python path of the actual class. If TempMiddleware is the name of the module, you need TempMiddleware.MyMiddlewareClass (and you should really follow PEP8 naming conventions) - and if it's the name of the class, you need my_module.TempMiddleware.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
  • Thanks, I understand that now. But even though now backend is working, I am still getting following error. Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin. – sbidwai Jan 16 '12 at 10:12
2

Edit:

TempMiddleware is not importable. It's the name of the class, you must put the entire import path.

E.g:

'django.contrib.auth.middleware.AuthenticationMiddleware'

and not

'AuthenticationMiddleware'

So if your class is in app_name/middleware.py, it should be

app_name.middlaware.TempMiddleware

It just mean that in your settings file, the variable MIDDLEWARE_CLASSES contains a list of modules in which one of the listed module is not a middleware.

Possible causes:

  • you added a middleware that doesn't declare middleware methods: fix that by removing the last middleware you added
  • you added a correct middleware but forget to put a coma at the end of the name, so strings are concatenated and it make django thinks 2 middlewares are in fact one: fix that by adding the missing coma
Bite code
  • 578,959
  • 113
  • 301
  • 329