What is middleware in django

A middleware component is nothing more than a Python class that follows a specific API. In Django, middleware is a small plugin that runs in the background while the request and response are being processed. The application's middleware is utilized to complete a task. Security, session, csrf protection, and authentication are examples of functions. Django comes with a variety of built-in middleware and allows us to develop our own. The Django project's settings.py file, comes equipped with various middleware that is used to offer functionality to the application. Security Middleware, for example, is used to keep the application secure. There are many such middleware’s as a part of Django that each have different functionalities.

Django comes with some built-in middleware that help deal with certain problems that may occur. In the settings.py file in a Django project, the middleware is coded. By default, the middleware built-in when a project is created, can be seen below.

#located in the settings.py
MIDDLEWARE = [
   'django.middleware.security.SecurityMiddleware',
   'django.contrib.sessions.middleware.SessionMiddleware',
   'django.middleware.common.CommonMiddleware',
   'django.middleware.csrf.CsrfViewMiddleware',
   'django.contrib.auth.middleware.AuthenticationMiddleware',
   'django.contrib.messages.middleware.MessageMiddleware',
   'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

There are a lot of inbuilt middleware that are a part of a Django project. A few of the most commonly used are mentioned below.

Authentication Support Middleware

Authentication is supported by this middleware. Every incoming HttpRequest object gets the request.user attribute, which represents the currently logged-in user. This is declared in settings.py and is a very crucial middleware since it checks for the realness of the user logged in. It is useful in detecting fake accounts.

Middleware class − django.contrib.auth.middleware.AuthenticationMiddleware.

Session Support Middleware

This middleware enables session support. On a per-site visitor basis, this session architecture allows you to store and retrieve arbitrary data. It abstracts the sending and receiving of cookies by storing data on the server side. Cookies only store a hashed session ID, not the data itself, which protects you from most cookie issues.

Middleware class − django.contrib.sessions.middleware.SessionMiddleware.

Common Middleware

This middleware adds a few additional benefits to make developers life easier. It forbids access to user agents in the ``DISALLOWED_USER_AGENTS`` setting: If you want to use this setting, you should be a list of compiled regular expression objects. These objects are to be matched against the user-agent header for each incoming request.

import re
DISALLOWED_USER_AGENTS =
   ( re.compile(r'^reddit_bot'),
   re.compile(r'^Bingbot')

Middleware class − django.middleware.common.CommonMiddleware.

Some of the other built-in middleware are security middleware plays a major role in protecting your site from hackers who might perform SQL injection, cross-site scripting or any other malicious methods that may put your site and data at risk.