Can I have some feedback on this please? I've now addressed everything outstanding (tested under HTTPS and updated the tutorials), and I've included a friendly summary at the top of http://code.djangoproject.com/wiki/CsrfProtection
For those wanting to see the patch, for once Trac hasn't barfed on it, so you can see it with nice formatting here: http://code.djangoproject.com/attachment/ticket/9977/csrf_template_tag_r11477_1.diff As far as I'm concerned, this is ready for checkin, except that I haven't had *any* recent feedback or thumbs up etc. from the list or other core devs. This is a breaking change (i.e. there are required changes to some settings for things to continue to work), so it needs some attention, and it's security related as well (which justifies the breakage as well as more attention IMO). I really don't want this to sit around bitrotting or eventually get postponed to Django 1.3. It's best going in ASAP, so that we can iron out any problems with the upgrade instructions before releasing 1.2. Thanks, Luke -- "I'm at peace with the world. I'm completely serene. I know why I was put here and why everything exists. I am here so everybody can do what I want. Once everybody accepts it, they'll be serene too." (Calvin and Hobbes) Luke Plant || http://lukeplant.me.uk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
