> Le 28 août 2014 à 03:25, Tim Graham <[email protected]> a écrit : > > I am fine with putting it in core instead of contrib. That just means we need > to figure out what to do about settings since we cannot put them on an > AppConfig. Assuming we don't want to add them as normal settings, we may be > able to use the approach proposed on this mailing list for the CSRF settings > -- using attributes on the middleware class (PR). In that could work by > iterating through MIIDDLEWARE_CLASSES until it finds a subclass of > SecurityMiddleware and then check the attributes (settings) on that class. I > will look into this approach tomorrow.
As soon as we have something that is a global setting, I don't find it an improvement to hide it in an object instead of keeping it in plain sight in the settings. Having to subclass a middleware just to change the lifetime of the CSRF cookie doesn't look like an improvement. -- Aymeric. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/655F5FB7-6ED3-4C54-BEF8-7E8416C946F3%40polytechnique.org. For more options, visit https://groups.google.com/d/optout.
