Django

Middleware

Request/response pipeline and custom middleware

Middleware

Middleware processes every request/response—security, sessions, CSRF, auth.

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]
# tasks/middleware.py (example)
import time
from django.utils.deprecation import MiddlewareMixin

class RequestTimingMiddleware(MiddlewareMixin):
    def process_request(self, request):
        request._start = time.perf_counter()

    def process_response(self, request, response):
        if hasattr(request, "_start"):
            ms = (time.perf_counter() - request._start) * 1000
            response["X-Request-Time-ms"] = f"{ms:.1f}"
        return response