On Sep 24, 2:18 pm, zellyn <[EMAIL PROTECTED]> wrote: > Would it make sense to have the middleware/view decorator set a > property on the request, and pass the request to all forms, and have > *all* forms CSRF-protect themselves when the property is set? That > would make it easy to add protection to externally-developed apps.
That's an interesting idea. I'm a bit cautious of requiring ALL forms to take a request object though - Django's current form library is decoupled from Django's request object, which is actually a really useful property. I've used a "form" class to import CSV data in to Django ORM models in the past for example, using the form logic to handle the necessary type conversions. Keeping django.forms decoupled from HttpRequest also ensurse it can be used by other Python web frameworks that don't have the same request/ response model. I'm fine with SafeForm depending on HttpRequest, but I'd rather not introduce that dependency to BaseForm and Form. Cheers, Simon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
