Add MAX_PAGE_SIZE setting #9107
Conversation
|
OK I saw the comment now #6185 (comment) it might be possible in class level but not globally at the moment. |
|
@auvipy I added tests for system checks, but didn't managed to find and add tests for settings with API requests like in |
Co-authored-by: Roman Gorbil <roman.gorbil@saritasa.com>
|
we got a PR related to this area #8993. would be helpful if you review and share your views on the PR. |
| max_page_size = None | ||
| # Defaults to `None`, meaning page size is unlimited. | ||
| # It's recommended that you would set a limit to avoid api abuse. | ||
| max_page_size = api_settings.MAX_PAGE_SIZE |
There was a problem hiding this comment.
Same as #8993, I think this should be a property to allow the setting be overriden in Django tests after the views were created.
| @@ -383,7 +385,7 @@ class LimitOffsetPagination(BasePagination): | |||
| limit_query_description = _('Number of results to return per page.') | |||
| offset_query_param = 'offset' | |||
| offset_query_description = _('The initial index from which to return the results.') | |||
| max_limit = None | |||
| max_limit = api_settings.MAX_PAGE_SIZE | |||
There was a problem hiding this comment.
Same here. I think this shoud be a property.
| @@ -601,7 +603,7 @@ class CursorPagination(BasePagination): | |||
|
|
|||
| # Set to an integer to limit the maximum page size the client may request. | |||
| # Only relevant if 'page_size_query_param' has also been set. | |||
| max_page_size = None | |||
| max_page_size = api_settings.MAX_PAGE_SIZE | |||
There was a problem hiding this comment.
Same here. I think this shoud be a property.
|
@auvipy @christophehenry @TheSuperiorStanislav If you don't mind, I can take this up and implement the changes requested |
Description
Add a setting for max page size for global pagination. Our team discovered that by default, page size is unlimited which could lead to API abuse and the only way to fix it -> it's to subclass pagination class(which is a working solution, but not convenient). After investigating issues I found related issue and comment.