On Tuesday 15 September 2009 12:28:51 Russell Keith-Magee wrote: > The CSRF tag approach you have implemented didn't win a lot of fans > whenever I described it, and for pretty much the same reasons I have > expressed previously - too many moving parts, and a little too much > manual intervention required. > > The discussions I had with Simon and Andrew revolved around trying to > improve the interface to SafeForm, and I think we may have a workable > solution. I've only just arrived home, so I'm fairly jet lagged at the > moment; I'll try to put the result of our discussions into the form of > a formal proposal over the next day or so.
OK, I'll wait and see. To clear things up, the template tag approach really has just two 'moving parts': - use RequestContext in your view (often you will be covered already e.g. generic views, and lots of people already using RequestContext everywhere) - use the csrf tag in the template. Everything else is global settings i.e. a one time change, which you will be prompted about *once* if you forget them, and then you can forget them. I'd be very surprised if SafeForm was a better result - it has major flaws that can't be addressed by API changes, AFAIC: * it requires using Django's form system. I've got plenty of views that don't (e.g. anything with a dynamic number of controls). People not using django.Forms are left out in the cold, or having to learn another way to do things. * it's off by default. Turning it on by default will require making django.forms.Form subclass SafeForm, which will almost certainly require a huge and immediate upgrade effort, because SafeForm cannot have the same API as Form. If it's off by default, I see no point at all in this entire exercise. If we don't arrive at a point where the POST form created in the tutorial is safe from CSRF, I think we've failed. And it will still require changes to templates, just like the template tag, and it will also require changes to views, only significantly more complex than simply using RequestContext. It's got at least as many and at least as intrusive 'moving parts' AFAICS. It also has the disadvantage that it is much more intrusive - you can't just switch out the implementation of your CSRF protection mechanism like you can with the template tag and middleware. But I'll wait 'til I see your proposal. Luke -- "My capacity for happiness you could fit into a matchbox without taking out the matches first." (Marvin the paranoid android) Luke Plant || http://lukeplant.me.uk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
