I wrote: > Completely harmless side effect: you get > double insertion of the CSRF token in the contrib apps (this works > fine, it isn't even invalid HTML).
In fact, we can even remove this side effect, and the performance hit of using the CsrfResponseMiddleware where it is not needed, by using the 'csrf_response_exempt' decorator on the appropriate views. I don't know if it's worth the pain of having to decorate all those view functions, although for the admin views I think it's a one-liner if you put it in the right place (in AdminSite.admin_view() ?) Regards, Luke -- "The first ten million years were the worst. And the second ten million, they were the worst too. The third ten million, I didn't enjoy at all. After that I went into a bit of a decline." (Marvin the paranoid android) Luke Plant || http://lukeplant.me.uk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
