class BrokenLinkEmailsMiddleware [source] Sends broken link notification emails to MANAGERS (see Error reporting).

class CommonMiddleware [source] Adds a few conveniences for perfectionists: Forbids access to user agents in the DISALLOWED_USER_AGENTS setting, which should be a list of compiled regular expression objects. Performs URL rewriting based on the APPEND_SLASH and PREPEND_WWW settings. If APPEND_SLASH is True and the initial URL doesn’t end with a slash, and it is not found in the URLconf, then a new URL is formed by appending a slash at the end. If this new URL is found in the URLconf, then D

CommonMiddleware.response_redirect_class Defaults to HttpResponsePermanentRedirect. Subclass CommonMiddleware and override the attribute to customize the redirects issued by the middleware.

class CsrfViewMiddleware [source] Adds protection against Cross Site Request Forgeries by adding hidden form fields to POST forms and checking requests for the correct value. See the Cross Site Request Forgery protection documentation.

class ExceptionMiddleware New in Django 1.10. Catches exceptions raised during the request/response cycle and returns the appropriate response. Http404 is processed by handler404 (or a more friendly debug page if DEBUG=True). PermissionDenied is processed by handler403. MultiPartParserError is processed by handler400. SuspiciousOperation is processed by handler400 (or a more friendly debug page if DEBUG=True). Any other exception is processed by handler500 (or a more friendly debug pag

class GZipMiddleware [source] Warning Security researchers recently revealed that when compression techniques (including GZipMiddleware) are used on a website, the site may become exposed to a number of possible attacks. Before using GZipMiddleware on your site, you should consider very carefully whether you are subject to these attacks. If you’re in any doubt about whether you’re affected, you should avoid using GZipMiddleware. For more details, see the the BREACH paper (PDF) and breachatt

class ConditionalGetMiddleware [source] Handles conditional GET operations. If the response has a ETag or Last-Modified header, and the request has If-None-Match or If-Modified-Since, the response is replaced by an HttpResponseNotModified. Also sets the Date and Content-Length response-headers.

class LocaleMiddleware [source] Enables language selection based on data from the request. It customizes content for each user. See the internationalization documentation.

LocaleMiddleware.response_redirect_class Defaults to HttpResponseRedirect. Subclass LocaleMiddleware and override the attribute to customize the redirects issued by the middleware.

class SecurityMiddleware [source] The django.middleware.security.SecurityMiddleware provides several security enhancements to the request/response cycle. Each one can be independently enabled or disabled with a setting. SECURE_BROWSER_XSS_FILTER SECURE_CONTENT_TYPE_NOSNIFF SECURE_HSTS_INCLUDE_SUBDOMAINS SECURE_HSTS_SECONDS SECURE_REDIRECT_EXEMPT SECURE_SSL_HOST SECURE_SSL_REDIRECT