Bird
Raised Fist0
Djangoframework~10 mins

Built-in middleware overview in Django - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to add Django's built-in middleware for security.

Django
MIDDLEWARE = [
    '[1]',
]
Drag options to blanks, or click blank then click option'
Adjango.middleware.security.SecurityMiddleware
Bdjango.middleware.common.CommonMiddleware
Cdjango.middleware.csrf.CsrfViewMiddleware
Ddjango.middleware.clickjacking.XFrameOptionsMiddleware
Attempts:
3 left
💡 Hint
Common Mistakes
Choosing middleware that handles other concerns like CSRF or clickjacking.
2fill in blank
medium

Complete the code to include middleware that manages sessions.

Django
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    '[1]',
]
Drag options to blanks, or click blank then click option'
Adjango.contrib.sessions.middleware.SessionMiddleware
Bdjango.middleware.csrf.CsrfViewMiddleware
Cdjango.middleware.clickjacking.XFrameOptionsMiddleware
Ddjango.middleware.common.CommonMiddleware
Attempts:
3 left
💡 Hint
Common Mistakes
Confusing session middleware with CSRF or common middleware.
3fill in blank
hard

Fix the error in the middleware list by adding the correct middleware for CSRF protection.

Django
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    '[1]',
]
Drag options to blanks, or click blank then click option'
Adjango.middleware.clickjacking.XFrameOptionsMiddleware
Bdjango.middleware.csrf.CsrfViewMiddleware
Cdjango.middleware.common.CommonMiddleware
Ddjango.middleware.locale.LocaleMiddleware
Attempts:
3 left
💡 Hint
Common Mistakes
Using middleware for clickjacking or locale instead of CSRF.
4fill in blank
hard

Fill both blanks to add middleware for common HTTP features and clickjacking protection.

Django
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    '[1]',
    '[2]',
]
Drag options to blanks, or click blank then click option'
Adjango.middleware.common.CommonMiddleware
Bdjango.middleware.locale.LocaleMiddleware
Cdjango.middleware.clickjacking.XFrameOptionsMiddleware
Ddjango.middleware.gzip.GZipMiddleware
Attempts:
3 left
💡 Hint
Common Mistakes
Mixing locale or gzip middleware instead of common or clickjacking.
5fill in blank
hard

Fill all three blanks to create a dictionary comprehension filtering middleware names that contain 'Security' and converting them to uppercase.

Django
security_middleware = {name[1]: name[2] for name in MIDDLEWARE if 'Security' [3] name}
Drag options to blanks, or click blank then click option'
A.lower()
B.upper()
Cin
Dnot in
Attempts:
3 left
💡 Hint
Common Mistakes
Using not in instead of in, or wrong string methods.

Practice

(1/5)
1. Which of the following is a primary purpose of Django's built-in middleware?
easy
A. To automatically process requests and responses
B. To create database models
C. To write HTML templates
D. To manage static files

Solution

  1. Step 1: Understand middleware role

    Django middleware acts as a layer that processes requests before views and responses after views.

  2. Step 2: Identify correct purpose

    Creating models, writing templates, and managing static files are handled by other parts of Django, not middleware.

  3. Final Answer:

    To automatically process requests and responses -> Option A

  4. Quick Check:

    Middleware = process requests/responses [OK]
Hint: Middleware handles request/response flow automatically [OK]
Common Mistakes:
  • Confusing middleware with models or templates
  • Thinking middleware manages static files
  • Assuming middleware writes HTML
2. Which of the following is the correct way to add built-in middleware in Django's settings.py?
easy
A. MIDDLEWARE = django.middleware.security.SecurityMiddleware
B. MIDDLEWARE = {'django.middleware.security.SecurityMiddleware'}
C. MIDDLEWARE = ('django.middleware.security.SecurityMiddleware')
D. MIDDLEWARE = ['django.middleware.security.SecurityMiddleware']

Solution

  1. Step 1: Check correct data type for MIDDLEWARE

    Django expects MIDDLEWARE to be a list of strings representing middleware classes.

  2. Step 2: Identify correct syntax

    MIDDLEWARE = ['django.middleware.security.SecurityMiddleware'] uses a list with one string, which is correct. Options B uses a set, C is a string without list, and D is invalid syntax.

  3. Final Answer:

    MIDDLEWARE = ['django.middleware.security.SecurityMiddleware'] -> Option D

  4. Quick Check:

    Middleware list syntax = MIDDLEWARE = ['django.middleware.security.SecurityMiddleware'] [OK]
Hint: Middleware must be a list of strings in settings.py [OK]
Common Mistakes:
  • Using sets or tuples instead of lists
  • Omitting quotes around middleware path
  • Assigning middleware without brackets
3. Given this middleware order in settings.py:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
]
What happens if a request triggers a CSRF failure?
medium
A. The request passes through all middleware without blocking
B. The session middleware blocks the request before CSRF check
C. The CSRF middleware blocks the request before reaching the view
D. The security middleware blocks the request after CSRF check

Solution

  1. Step 1: Understand middleware order and function

    Middleware runs in order on request. CSRF middleware checks tokens and blocks if invalid.

  2. Step 2: Identify which middleware blocks on CSRF failure

    CSRF middleware is responsible for blocking bad requests before views. Session middleware runs earlier but doesn't block CSRF. Security middleware runs first but does not handle CSRF.

  3. Final Answer:

    The CSRF middleware blocks the request before reaching the view -> Option C

  4. Quick Check:

    CSRF middleware blocks bad requests [OK]
Hint: CSRF middleware blocks invalid tokens before views [OK]
Common Mistakes:
  • Thinking session middleware blocks CSRF errors
  • Assuming security middleware handles CSRF
  • Believing request always passes through
4. You added 'django.middleware.csrf.CsrfViewMiddleware' after 'django.middleware.security.SecurityMiddleware' but get CSRF errors on valid requests. What is the likely problem?
medium
A. Security middleware must be removed to fix CSRF errors
B. Middleware order is incorrect; CSRF middleware should come after session middleware
C. CSRF middleware requires no session middleware to work
D. CSRF middleware should be first in the list

Solution

  1. Step 1: Recall middleware order importance

    CSRF middleware depends on session middleware to access session data for tokens.

  2. Step 2: Identify correct order

    Session middleware must come before CSRF middleware. If CSRF middleware is before session, it can't validate tokens properly, causing errors.

  3. Final Answer:

    Middleware order is incorrect; CSRF middleware should come after session middleware -> Option B

  4. Quick Check:

    Session before CSRF middleware fixes errors [OK]
Hint: Session middleware must precede CSRF middleware [OK]
Common Mistakes:
  • Removing security middleware unnecessarily
  • Placing CSRF middleware first
  • Ignoring middleware order dependencies
5. You want to add a custom middleware that logs request info and must run after security checks but before session handling. Given the default order:
[
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
]
Where should you insert your custom middleware?
hard
A. Between SecurityMiddleware and SessionMiddleware
B. Before SecurityMiddleware
C. After SessionMiddleware
D. At the end of the list

Solution

  1. Step 1: Understand middleware order effect

    Middleware runs top to bottom on request. To run after security but before session, place custom middleware between them.

  2. Step 2: Identify correct insertion point

    SecurityMiddleware is first, SessionMiddleware second. Insert custom middleware as second item to run after security and before session.

  3. Final Answer:

    Between SecurityMiddleware and SessionMiddleware -> Option A

  4. Quick Check:

    Insert custom middleware between security and session [OK]
Hint: Middleware order controls execution sequence [OK]
Common Mistakes:
  • Placing custom middleware before security
  • Putting it after session middleware
  • Adding it at the end ignoring order