On Tuesday 22 September 2009 21:24:48 Luke Plant wrote: > 2) Get the view to be exempted from the normal CSRF checks done > by the middleware. Thankfully, we already have not one but two > ways of doing this - the manual @csrf_exempt decorator on views, > and the internal mechanism that allows the decorator and > middleware to avoid duplicate checking. Automatically doing the > latter in csrf_protect_form is probably the way ahead.
Hmm, had a thinko there. The middleware is run *before* decorators have had a chance to modify the request object. So only the first of these will work I think. That plays badly with your method of dispatching from your own view code. You will have to manually csrf_exempt your top level view code, and manully apply csrf_protect_form as needed. Luke -- "Pretension: The downside of being better than everyone else is that people tend to assume you're pretentious." (despair.com) Luke Plant || http://lukeplant.me.uk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
