On Sep 25, 2:54 am, Rudolph <[EMAIL PROTECTED]> wrote: > I like Luke's arguments. > > A middleware seems like the right place because CSRF protection is > about requests and responses. CSRF protection is more about POST > requests in generic, with HTML forms being a very common type of POST > request. > > IMHO the default settings.py file (generated with 'django-admin.py > startproject') should have the middleware enabled by default.
I wouldn't mind keeping the middleware around and enabling it by default, but including SafeForm in the same app (at django.contrib.csrf.forms). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
