On Nov 15, 7:55 am, Luke Plant <[EMAIL PROTECTED]> wrote:
> You would have to change the middleware so that it does
> its 'rejection' business in process_view() instead of
> process_request() -- it would check the view for the flag, and require
> the CSRF token if it wasn't found.
>
> To me, this approach seems nicer than including stuff explicitly in
> forms or views -- there is too much room for developer error if the
> request has actually got as far as a view function.

Agreed. I like this solution. Also, I think it would be good to have access to the CSRF token on the context (via a context processor) - this way you can easily stuff your ajax methods with the token too, if need be.
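
The design discussed in this thread, as an added framework-free sketch that is not Django's code and not part of either message: the check runs in `process_view()`, where the resolved view can be inspected for an opt-out flag, and a context processor exposes the token. The names `csrf_exempt`, `csrf_context`, `CsrfMiddleware`, the `csrf_token` session/form key, the safe-method list and the request stand-in are all assumptions of this sketch.

```python
import hmac
import secrets
from types import SimpleNamespace

# Assumption of this sketch: only state-changing methods are checked.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_exempt(view):
    """Mark a view as opted out of the check (hypothetical flag name)."""
    view.csrf_exempt = True
    return view


def csrf_context(request):
    """Context processor: expose the session token to templates and Ajax code."""
    token = request.session.setdefault("csrf_token", secrets.token_urlsafe(32))
    return {"csrf_token": token}


class CsrfMiddleware:
    def process_view(self, request, view, args, kwargs):
        """Runs after URL resolution; returns None to proceed or a rejection."""
        if request.method in SAFE_METHODS or getattr(view, "csrf_exempt", False):
            return None
        expected = request.session.get("csrf_token", "")
        supplied = request.POST.get("csrf_token", "")
        # Constant-time compare; a session with no token never validates.
        if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return (403, "CSRF token missing or incorrect")
        return None


def dispatch(request, view):
    """Constructed dispatcher: the view runs only if the middleware did not reject."""
    rejection = CsrfMiddleware().process_view(request, view, (), {})
    return rejection if rejection is not None else view(request)


def make_request(method, session=None, post=None):
    """Constructed stand-in for a framework request object."""
    return SimpleNamespace(method=method, session=session or {}, POST=post or {})


def transfer(request):  # protected by default: no flag on the view
    return (200, "transferred")


@csrf_exempt
def webhook(request):  # explicitly opted out
    return (200, "accepted")
```

Because protection is the default and exemption is the explicit act, a view whose author forgets about CSRF entirely is still rejected before its body runs.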