Move settings stuff actually into settings

djangorestframework/request.py

@@ -43,10 +43,9 @@ class Request(object):
           authenticating the request's user.
     """
 
-    _USE_FORM_OVERLOADING = True
-    _METHOD_PARAM = '_method'
-    _CONTENTTYPE_PARAM = '_content_type'
-    _CONTENT_PARAM = '_content'
+    _METHOD_PARAM = api_settings.FORM_METHOD_OVERRIDE
+    _CONTENT_PARAM = api_settings.FORM_CONTENT_OVERRIDE
+    _CONTENTTYPE_PARAM = api_settings.FORM_CONTENTTYPE_OVERRIDE
 
     def __init__(self, request, parsers=None, authentication=None):
         self._request = request
@@ -194,8 +193,13 @@ class Request(object):
         form fields or not.
         """
 
+        USE_FORM_OVERLOADING = (
+            self._METHOD_PARAM or
+            (self._CONTENT_PARAM and self._CONTENTTYPE_PARAM)
+        )
+
         # We only need to use form overloading on form POST requests.
-        if (not self._USE_FORM_OVERLOADING
+        if (not USE_FORM_OVERLOADING
             or self._request.method != 'POST'
             or not is_form_media_type(self._content_type)):
             return
@@ -205,12 +209,15 @@ class Request(object):
         self._files = self._request.FILES
 
         # Method overloading - change the method and remove the param from the content.
-        if self._METHOD_PARAM in self._data:
+        if (self._METHOD_PARAM and
+            self._METHOD_PARAM in self._data):
             # NOTE: `pop` on a `QueryDict` returns a list of values.
             self._method = self._data.pop(self._METHOD_PARAM)[0].upper()
 
         # Content overloading - modify the content type, and re-parse.
-        if (self._CONTENT_PARAM in self._data and
+        if (self._CONTENT_PARAM and
+            self._CONTENTTYPE_PARAM and
+            self._CONTENT_PARAM in self._data and
             self._CONTENTTYPE_PARAM in self._data):
             self._content_type = self._data.pop(self._CONTENTTYPE_PARAM)[0]
             self._stream = StringIO(self._data.pop(self._CONTENT_PARAM)[0])

djangorestframework/response.py

@@ -38,7 +38,7 @@ class Response(SimpleTemplateResponse):
         - renderers(list/tuple). The renderers to use for rendering the response content.
     """
 
-    _ACCEPT_QUERY_PARAM = '_accept'        # Allow override of Accept header in URL query params
+    _ACCEPT_QUERY_PARAM = api_settings.URL_ACCEPT_OVERRIDE
     _IGNORE_IE_ACCEPT_HEADER = True
 
     def __init__(self, content=None, status=None, headers=None, view=None, request=None, renderers=None):
@@ -107,13 +107,16 @@ class Response(SimpleTemplateResponse):
         """
         request = self.request
 
-        if self._ACCEPT_QUERY_PARAM and request.GET.get(self._ACCEPT_QUERY_PARAM, None):
+        if (self._ACCEPT_QUERY_PARAM and
+            request.GET.get(self._ACCEPT_QUERY_PARAM, None)):
             # Use _accept parameter override
             return [request.GET.get(self._ACCEPT_QUERY_PARAM)]
         elif (self._IGNORE_IE_ACCEPT_HEADER and
               'HTTP_USER_AGENT' in request.META and
-              MSIE_USER_AGENT_REGEX.match(request.META['HTTP_USER_AGENT'])):
-            # Ignore MSIE's broken accept behavior and do something sensible instead
+              MSIE_USER_AGENT_REGEX.match(request.META['HTTP_USER_AGENT']) and
+              request.META.get('HTTP_X_REQUESTED_WITH', '') != 'XMLHttpRequest'):
+            # Ignore MSIE's broken accept behavior except for AJAX requests
+            # and do something sensible instead
             return ['text/html', '*/*']
         elif 'HTTP_ACCEPT' in request.META:
             # Use standard HTTP Accept negotiation

djangorestframework/settings.py

@@ -36,7 +36,11 @@ DEFAULTS = {
     'DEFAULT_PERMISSIONS': (),
     'DEFAULT_THROTTLES': (),
     'UNAUTHENTICATED_USER': 'django.contrib.auth.models.AnonymousUser',
-    'UNAUTHENTICATED_TOKEN': None
+    'UNAUTHENTICATED_TOKEN': None,
+    'FORM_METHOD_OVERRIDE': '_method',
+    'FORM_CONTENT_OVERRIDE': '_content',
+    'FORM_CONTENTTYPE_OVERRIDE': '_content_type',
+    'URL_ACCEPT_OVERRIDE': '_accept'
 }
 
 if yaml: