On Thursday 19 March 2009 19:18:19 Bob Thomas wrote: > On Mar 19, 2:49 pm, Luke Plant <[email protected]> wrote: > > The hard work isn't the template tag, it's: > > > > - tests (the existing ones are in django/contrib/csrf/tests.py) > > - documentation > > - converting the admin (I really think this needs to be done > > before we can check this in, because we want to deprecate > > CsrfResponseMiddleware and make it clear in the docs what the > > One True Way is. > > So, if the template tag wasn't hard enough to write, it's not > helpful?
Sorry if that's what came over, and sorry if you thought I wasn't appreciating what you'd done (see my comment on the bug as well). I was simply saying that this is actually quite a long way from being ready for checkin. That's why I think it is better to enable the middleware now, for security, than wait for the 'perfect' solution which isn't going to be ready before Django 1.1 In reply to your other email, BTW - no offense taken, I realise my comments on the bug were frustrating. Regards, Luke -- "Oh, look. I appear to be lying at the bottom of a very deep, dark hole. That seems a familiar concept. What does it remind me of? Ah, I remember. Life." (Marvin the paranoid android) Luke Plant || http://lukeplant.me.uk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
